Conexant AccessRunner DSL Console Default Backdoor Account Vulnerability
BID:12507
Info
| Bugtraq ID: | 12507 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 09 2005 12:00AM |
| Updated: | Feb 09 2005 12:00AM |
| Credit: | Adam Laurie disclosed this vulnerability. |
| Vulnerable: | Mentor MR4C/UK DSL Router Conexant AccessRunner DSL Console 3.27 |
| Not Vulnerable: | |
Discussion
It has been reported that Conexant AccessRunner DSL Console software has built-in administrative access that cannot be disabled.
This vulnerability reportedly allows remote attackers to reset the router to default settings, denying legitimate users network access. Other attacks are also likely possible.
It is unknown at this time if remote attackers can access the administrative interface via the WAN interface of affected devices.
Mentor MR4C/UK devices are reported susceptible to this vulnerability. Due to code reuse across products, it is likely that other devices are also affected.
Exploit / POC
An exploit is not required.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue.
References
- Conexant Home Page (Conexant)
- yet another DSL modem backdoor - Mentor (Conexant) (Adam Laurie)