|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Date: 22 Aug 2002 07:06:48 -0000 Message-ID: <20020822070648.20791.qmail@mail.securityfocus.com> Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 From: Jens Jensen <jpj@netcom-usa.com> To: bugtraq@securityfocus.com Problem: malicious user can release DHCP client on D-Link DI-804 router interrupting network communications I need some other D-Link DI-804 users (as well as other dlink routers) to see if they can reproduce this problem-- With "remote administration" mode enabled to any IP (web interface wide open on WAN side), It seems that a malicious user can activate DHCP release/renew without first being authenticated as the admin (priviledged user) the webpage that I can get to on the dlink built in web interface is http://xxx.xxx.xxx.xxx/release.htm where xxx.xxx.xxx.xxx is the ip address of your router, specifically for these purposes, the wan ip address firmware: 4.68 device: DI-804 This would be a BAD thing, since an attacker could interrupt communications on the router This can be temporarily fixed by either disabling "remote administration" or limiting the IP addresses allowed to remote admin. I have submitted this to D-Link support. I'm also wondering what other D-Link routers this could affect. Jens Jensen MCP, CCNA
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |