Sunday, May 31, 2015

[FD] More than 60 undisclosed vulnerabilities affect 22 SOHO routers

Dear Full Disclosure community,

we are a group of security researchers doing our IT Security Master's Thesis at Universidad Europea de Madrid. As a part of the dissertation, we have discovered multiple vulnerability issues on the following SOHO routers:

1. Observa Telecom AW4062
2. Comtrend WAP-5813n
3. Comtrend CT-5365
4. D-Link DSL-2750B
5. Belkin F5D7632-4
6. Sagem LiveBox Pro 2 SP
7. Amper Xavi 7968 and 7968+
8. Sagem Fast 1201
9. Linksys WRT54GL
10. Observa Telecom RTA01N
11. Observa Telecom Home Station BHS-RTA
12. Observa Telecom VH4032N
13. Huawei HG553
14. Huawei HG556a
15. Astoria ARV7510
16. Amper ASL-26555
17. Comtrend AR-5387un
18. Netgear CG3100D
19. Comtrend VG-8050
20. Zyxel P 660HW-B1A
21. Comtrend 536+
22. D-Link DIR-600

The aforementioned vulnerabilities are:

- Persistent Cross Site Scripting (XSS) on #1, #2, #3, #6, #10, #12, #13, #14, #16, #17, #18, #19 and #20.
- Unauthenticated Cross Site Scripting on #3, #7, #8, #9, #10, #14, #16, #17 and #19.
- Cross Site Request Forgery (CSRF) on #1, #2, #3, #5, #10, #12, #13, #14, #15, #16, #18 and #20.
- Denial of Service (DoS) on #1, #5 and #10.
- Privilege Escalation on #1.
- Information Disclosure on #4 and #11.
- Backdoor on #10.
- Bypass Authentication using SMB Symlinks on #12.
- USB Device Bypass Authentication on #12, #13, #14 and #15.
- Bypass Authentication on #13 and #14.
- Universal Plug and Play related vulnerabilities on #2, #3, #4, #5, #6, #7, #10, #11, #12, #13, #14, #16, #21 and #22.

CVEs have already been requested to MITRE and other CNAs (since MITRE is taking forever to assign a CVE) and we are waiting for response. OSVDB IDs have been assigned. Vendors and manufacturers have already been reported. All routers have been physically tested.

============================================================================================
Manufacturer: Observa Telecom
Model: AW4062
Tested firmwares: 1.3.5.18 and 1.4.2 (latest)
Comments: Common router that Spanish ISP Telefónica used to give away to their ADSL customers, especially during 2012.
