[41234] in bugtraq


Re: Authentication vulnerability in Belkin wireless devices

daemon@ATHENA.MIT.EDU (Andrei Mikhailovsky)
Wed Nov 16 17:02:15 2005

From: Andrei Mikhailovsky <mlists@arhont.com>
Reply-To: andrei@arhont.com
To: "S.A.B.R.O. Net Security" <sabronet@indy.rr.com>
Cc: bugtraq@securityfocus.com
In-Reply-To: <437B2C96.2030809@indy.rr.com>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-E6FFDidPnQ0ugshkLRfe"
Date: Wed, 16 Nov 2005 13:41:36 +0000
Message-Id: <1132148496.21581.36.camel@whale.core.arhont.com>
Mime-Version: 1.0



This is very odd, as we've reproduced this vulnerability on about 5
different F5D7230-4 with firmware 4.05.3 and 4.03.3, as well as on a few
of the F5D7232-4 routers with the same firmware.

This can't be a network-specific setup issue, as we've tested this on
several unrelated networks from Linux and Windows operating systems
using Firefox and MS IE browsers.

Kind Regards,

On Wed, 2005-11-16 at 07:56 -0500, S.A.B.R.O. Net Security wrote:
> Hmmm... we were unable to reproduce this vulnerability with one of our
> Belkin Wifi F5D7230-4 with firmware version 4.05.03
>
> Once the admin has authenticated, any other attempts to access the device
> from any source (hardwire lan, wifi, remote) display the following result:
>
> Duplicate Administrator
> This device is managed by xxx.xxx.x.x currently!!
>

--
Andrei Mikhailovsky
Arhont Ltd - Information Security

Web: http://www.arhont.com
     http://www.wi-foo.com
Tel: +44 (0)870 4431337
Fax: +44 (0)117 9690141
PGP: Key ID - 0x2B3438DE
PGP: Server - keyserver.pgp.com
