Netopia 650-T ISDN Router Username/Password Disclosure Vulnerability
BID:1952
Info
Netopia 650-T ISDN Router Username/Password Disclosure Vulnerability
| Bugtraq ID: | 1952 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 16 2000 12:00AM |
| Updated: | Nov 16 2000 12:00AM |
| Credit: | Reported to bugtraq by The Proton <[email protected]> on Thu, 16 Nov 2000. |
| Vulnerable: |
Netopia 650-ST ISDN Router 3.3.2 firmware |
| Not Vulnerable: | |
Discussion
Netopia 650-T ISDN Router Username/Password Disclosure Vulnerability
A vulnerability exists in the Netopia 650-ST ISDN router, firmware version 3.3.2.
A user connected to the unit's telnet interface can cause the device's system logs to be displayed with a simple keystroke entered by the user at the login screen.
[CTRL]-E - displays the device event log
[CTRL]-F - displays the WAN event log.
Access to this information by a malicious remote user can lead to a compromise of sensitive information including usernames and passwords.
A vulnerability exists in the Netopia 650-ST ISDN router, firmware version 3.3.2.
A user connected to the unit's telnet interface can cause the device's system logs to be displayed with a simple keystroke entered by the user at the login screen.
[CTRL]-E - displays the device event log
[CTRL]-F - displays the WAN event log.
Access to this information by a malicious remote user can lead to a compromise of sensitive information including usernames and passwords.
Exploit / POC
Netopia 650-T ISDN Router Username/Password Disclosure Vulnerability
Currently the SecurityFocus staff are not ware of any publicly available exploits for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not ware of any publicly available exploits for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Netopia 650-T ISDN Router Username/Password Disclosure Vulnerability
Solution:
From the vendor:
"we have not released firmware for this product in nearly 2 years and there are no plans to release any further firmware updates for this product. All of our currently shipping products will accept the current firmware which has this issue resolved."
Solution:
From the vendor:
"we have not released firmware for this product in nearly 2 years and there are no plans to release any further firmware updates for this product. All of our currently shipping products will accept the current firmware which has this issue resolved."
References
Netopia 650-T ISDN Router Username/Password Disclosure Vulnerability
References:
References: