Gigafast EE400-R Router Multiple Remote Vulnerabilities
BID:12612
Info
Gigafast EE400-R Router Multiple Remote Vulnerabilities
| Bugtraq ID: | 12612 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2005 12:00AM |
| Updated: | Feb 21 2005 12:00AM |
| Credit: | Discovery of these vulnerabilities is credited to "Gary H. Jones II" <[email protected]>. |
| Vulnerable: |
Gigafast EE400-R |
| Not Vulnerable: | |
Discussion
Gigafast EE400-R Router Multiple Remote Vulnerabilities
Multiple vulnerabilities are reported to affect the Gigafast EE400-R router. The following individual vulnerabilities are reported:
An information disclosure vulnerability is reported to affect the router. It is reported that an authentication interface exists on the appliance, but a direct request for a backup configuration file is permitted without requiring authentication.
Information that is harvested by exploiting this vulnerability may be used to aid in further attacks that are launched against the target appliance.
A remote denial of service vulnerability is reported to affect the Gigafast router. It is reported that when the certain functionality is enabled the affected router, the router will crash when a malformed DNS query is handled.
A remote attacker may exploit this vulnerability to deny network services for legitimate users.
Multiple vulnerabilities are reported to affect the Gigafast EE400-R router. The following individual vulnerabilities are reported:
An information disclosure vulnerability is reported to affect the router. It is reported that an authentication interface exists on the appliance, but a direct request for a backup configuration file is permitted without requiring authentication.
Information that is harvested by exploiting this vulnerability may be used to aid in further attacks that are launched against the target appliance.
A remote denial of service vulnerability is reported to affect the Gigafast router. It is reported that when the certain functionality is enabled the affected router, the router will crash when a malformed DNS query is handled.
A remote attacker may exploit this vulnerability to deny network services for legitimate users.
Exploit / POC
Gigafast EE400-R Router Multiple Remote Vulnerabilities
No exploit is required.
No exploit is required.
Solution / Fix
Gigafast EE400-R Router Multiple Remote Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Gigafast EE400-R Router Multiple Remote Vulnerabilities
References:
References:
- Gigafast/CompUSA router (model EE400-R) vulnerabilities ("Gary H. Jones II"