NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2006-q1

[SA18483] Intracom JetSpeed ADSL Modem Information Disclosure

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Mon Jan 16 2006 - 11:17:04 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Intracom JetSpeed ADSL Modem Information Disclosure

SECUNIA ADVISORY ID:
SA18483

VERIFY ADVISORY:
http://secunia.com/advisories/18483/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
From remote

OPERATING SYSTEM:
Intracom JetSpeed 500/500i
http://secunia.com/product/6835/
Intracom JetSpeed 520/520i
http://secunia.com/product/6836/

DESCRIPTION:
Dinos has reported a security issue in Intracom JetSpeed ADSL Modem,
which can be exploited by malicious people to disclose potentially
sensitive information.

The problem is caused due to several pages from the web management
interface of the modem being accessible without requiring
authentication. This can be exploited to disclose username
information from the "/cli/list_users.txt" file.

The security issue has been reported in Jetspeed 500 and 520 modems
that use the Virata-EmWeb web server release 6_1_0.

NOTE: Older firmware versions reportedly has the default username and
password of “intracom/123456″, which can't be changed.

SOLUTION:
Ensure that a strong password is set for all user accounts created in
the modem.

PROVIDED AND/OR DISCOVERED BY:
Dinos

ORIGINAL ADVISORY:
http://blog.globalnetworks.gr/?p=4

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]