|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: FlowPoint DSL router vulnerability
Scott Drassinower (scottd
CLOUD9.NET)
Sat, 7 Aug 1999 12:07:05 -0400
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: David Wagner: "Re: Linux blind TCP spoofing, act II + others"
- Previous message: Malikai: "FW1 UDP Port 0 DoS"
It involves a bug that allows a password recovery feature to be utilized
from the LAN or WAN instead of just the serial console port.
Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will
allow you to get access to the box to do whatever you want. It appears as
if the problem started in 3.0.4, but I am not totally certain about that.
-- Scott M. Drassinower scottdOn Thu, 5 Aug 1999, Matt wrote:
> The following URL contains information about a firmware upgrade for > FlowPoint DSL routers that fixes a possible "security compromise". > FlowPoint has chosen not to release ANY information whatsoever about the > vulnerability. I was curious if anyone had any more information > about this vulnerability than what FlowPoint is divulging. > > http://www.flowpoint.com/support/techbulletin/sec308.htm > > thnx > > -- > I'm not nice, I'm vicious--it's the secret of my charm. >
- Next message: David Wagner: "Re: Linux blind TCP spoofing, act II + others"
- Previous message: Malikai: "FW1 UDP Port 0 DoS"
This archive was generated by hypermail 2.0b3 on Mon Aug 09 1999 - 07:55:16 CDT