|
|
|
|
| |
Linksys Group Inc. currently sells several broadband router products, including:
* BEFW11S4, Wireless Access Point Router with 4-Port Switch - Version 2
* BEFSR11, EtherFast? Cable/DSL Router
* BEFSR41, EtherFast? Cable/DSL Router with 4-Port Switch
* BEFSRU31, EtherFast? Cable/DSL Router with USB and 3-Port Switch
A vulnerability in the product allows remote attackers to cause it to crash. |
| |
Credit:
The information has been provided by David Endler from iDEFENSE, the vulnerability was discovered by Alex S. Harasic.
|
| |
Description:
The BEFW11S4, BEFSR11, BEFSR41 and BEFSRU31 can be crashed when several thousand characters are passed in the password field of the device's web management interface. Exploitation simply requires the use of a web browser that can send long Basic Authentication fields to the affected router's interface.
Analysis:
Remote exploitation is only possible if the remote web management interface is enabled (this is disabled by default). An attacker on the internal network can access the web management interface by using a web browser and accessing the URL http://192.168.1.1 (default URL).
Detection:
The BEFW11S4, BEFSR11, BEFSR41, and BEFSRU31 devices with firmware earlier than version 1.43.3 are affected. iDEFENSE confirmed susceptibility on the BEFW11S4. Linksys indicated that the BEFSR11, BEFSR41 and BEFSRU31 are also affected.
Workaround:
Disable the remote web management interface on the affected router.
Recovery:
Cycling power through the affected device should restore normal functionality; pressing the "Reset" button on the router is insufficient.
Vendor fix:
Linksys firmware 1.43.3, which is available at: http://www.linksys.com/download/, fixes the problem on all the affected devices.
Disclosure timeline:
11/02/2002 Issue disclosed to iDEFENSE
11/06/2002 Linksys notified (jay.price@linksys.com)
11/11/2002 Linksys response (diana.ying@linksys.com)
11/18/2002 iDEFENSE clients notified
11/19/2002 Public disclosure
|
|
|
|
|
|
|
|
|
|
