
Topic Summary

Posted by: Samker
« on: 06. March 2014., 17:38:48 »


Cisco patches vulnerabilities in small business routers and wireless LAN controllers

Cisco Systems released new firmware versions for some of its small business routers and wireless LAN controllers in order to address vulnerabilities that could allow remote attackers to compromise the vulnerable devices or affect their availability.

A vulnerability found in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, RV215W Wireless-N VPN Router and CVR100W Wireless-N VPN Router can be exploited by an unauthenticated, remote attacker to gain administrative access to the affected devices.

“The vulnerability is due to improper handling of authentication requests by the web framework,” Cisco said in a security advisory published Wednesday. “An attacker could exploit this vulnerability by intercepting, modifying and resubmitting an authentication request. Successful exploitation of this vulnerability could give an attacker administrative-level access to the web-based administration interface on the affected device”: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd

Cisco assigned an impact score of 10 to the vulnerability—the highest in the Common Vulnerability Scoring System (CVSS)—because the flaw can lead to a complete compromise of a device’s confidentiality, integrity and availability.

Users are advised to update the firmware of the affected devices because there are no available workarounds. The patched firmware versions are: Cisco CVR100W Wireless-N VPN Router firmware version 1.0.1.21, Cisco RV110W Wireless-N VPN Firewall firmware version 1.2.0.10 and Cisco RV215W Wireless-N VPN Router firmware version 1.1.0.6.

Cisco also fixed five denial-of-service vulnerabilities and one unauthorized access vulnerability in the software running on a wide range of its stand-alone and modular wireless LAN controllers. The affected products are: Cisco 500 Series Wireless Express Mobility Controllers, Cisco 2000 Series Wireless LAN Controllers, Cisco 2100 Series Wireless LAN Controllers, Cisco 2500 Series Wireless Controllers, Cisco 4100 Series Wireless LAN Controllers, Cisco 4400 Series Wireless LAN Controllers, Cisco 5500 Series Wireless Controllers, Cisco Flex 7500 Series Wireless Controllers, Cisco 8500 Series Wireless Controllers, Cisco Virtual Wireless Controller, Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (Cisco WiSM), Cisco Wireless Services Module version 2 (WiSM2), Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs), Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs), Cisco Catalyst 3750G Integrated WLC and Cisco Wireless Controller Software for Services-Ready Engine (SRE).

The denial-of-service vulnerabilities can be exploited by sending specially crafted IGMP version 3 messages, MLD version 2 packets, ethernet 802.11 frames and WebAuth login requests to the affected devices. The attacks can force the affected devices to restart or can result in more persistent denial-of-service conditions, depending on the vulnerability being exploited.

The unauthorized access vulnerability is located in code that Cisco wireless LAN controllers send to other access point devices connected to them.

“An attacker could exploit this vulnerability by attempting to authenticate to an affected device using locally-stored credentials of the AP,” Cisco said in an advisory. “A successful attack could allow an attacker to take complete control of the affected AP and make arbitrary changes to the configuration”: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc

The Cisco advisory contains tables listing the affected firmware releases for the different products as well as the corresponding new patched firmware versions.

(PCW)
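A check that could be run over a device inventory, using the patched firmware versions quoted in the post above. This is an added example, not part of the original post or of any Cisco tooling; the CSV column names, hostnames and status labels are assumptions, and the inventory is constructed sample data.

```python
import csv
import io

# First fixed firmware releases, as listed in the post above.
PATCHED = {
    "CVR100W": "1.0.1.21",
    "RV110W": "1.2.0.10",
    "RV215W": "1.1.0.6",
}

# Constructed inventory export (hypothetical hosts and column names).
SAMPLE_INVENTORY = """\
host,model,firmware
branch-gw-1,RV110W,1.2.0.9
branch-gw-2,RV110W,1.2.0.10
lab-ap,CVR100W,1.0.1.19
store-7,RV215W,1.1.0.5
store-8,RV215W,1.1.0.6
hq-sw,SG300,1.3.5.58
kiosk,RV215W,unknown
"""

def parse_version(text):
    """'1.2.0.10' -> (1, 2, 0, 10). Raises ValueError on non-numeric parts.

    Comparing the raw strings would rank '1.2.0.9' above '1.2.0.10',
    so versions are compared as integer tuples instead.
    """
    return tuple(int(part) for part in text.strip().split("."))

def audit(inventory_csv):
    """Return {host: 'vulnerable' | 'patched' | 'not-listed' | 'unknown-version'}."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = PATCHED.get(row["model"].strip().upper())
        if fixed is None:
            result[row["host"]] = "not-listed"  # model not named in this post
            continue
        try:
            running = parse_version(row["firmware"])
        except ValueError:
            result[row["host"]] = "unknown-version"  # needs a manual check
            continue
        status = "patched" if running >= parse_version(fixed) else "vulnerable"
        result[row["host"]] = status
    return result

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```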
Posted by: jheysen
« on: 13. February 2014., 22:39:13 »

what can u do to be safe? Uhm.. firmware upgrade/DD-WRT/OpenWRT
keep an eye on the DHCP client table/MAC Restriction
Posted by: devnullius
« on: 13. February 2014., 21:56:30 »

If you gonna repeat bad news for all these ISP modems, I will repeat what I always say nowadays: wtf can I do to be safe??

No more fun, the internet.

* devnullius longs for MS-Dos Ping Pong virus... Bounce bounce aaaah. That were fun malwares ;p
*

Devnullius


* http://en.wikipedia.org/wiki/Ping-Pong_virus

Quote
Ping-Pong.A is extinct but the hard-disk variants can still appear.
Posted by: Samker
« on: 13. February 2014., 18:59:30 »

Have a Linksys router? Now's a good time to update that firmware

Owners and administrators of Linksys home routers are being advised to update and secure their devices following reports of active attacks on a flaw present in at least two models.

Researchers with the SANS Institute's Internet Storm Center have received reports of mass attacks on a remote access vulnerability in the Linksys E1000 and E1200: https://isc.sans.edu/forums/diary/Suspected+Mass+Exploit+Against+Linksys+E1000+E1200+Routers/17621
The reports, which were noted by an ISP administrator in Wyoming, claim that some customers running the Linksys routers have had their networks compromised.

According to the reports, the compromised routers scanned network traffic rapidly on port 80/8080, saturating available bandwidth, and in some cases their DNS settings were modified.

While the exact nature of the flaw being exploited is not yet known, early speculation is that the issue could be related to components using the home network administration protocol (HNAP).

SANS noted that E1200 routers with the latest 2.0.06 firmware version seemed to be immune to the spotted attacks, but the E1000s – which are no longer supported – were not, even with the most recent firmware installed.

Linksys did not return a request to confirm or comment on the reports.

Dr. Johannes Ullrich, chief research officer with the SANS Institute, told The Reg that in addition to updating firmware, owners and administrators of the vulnerable routers should look to tighten their administrator access controls.

"They should either turn off remote admin functionality, or restrict it to IP addresses from which they need to access the router if they can," Ullrich said.

The report comes not long after word surfaced of other security vulnerabilities found in routers made by Linksys' former parent company, Cisco. Those flaws affected a number of small business products from Cisco, and did not impact any Linksys branded devices.

(ElReg)


Download latest firmware for your Linksys router: http://support.linksys.com/en-eu/support/linksys

Posted by: devnullius
« on: 14. January 2014., 18:50:29 »

Good to see they are checking up!

Posted by: Samker
« on: 14. January 2014., 18:34:13 »

Cisco Systems promised to issue firmware updates removing a backdoor from a wireless access point and two of its routers later this month. The undocumented feature could allow unauthenticated remote attackers to gain administrative access to the devices.

The vulnerability was discovered over the Christmas holiday on a Linksys WAG200G router by a security researcher named Eloi Vanderbeken. He found that the device had a service listening on port 32764 TCP, and that connecting to it allowed a remote user to send unauthenticated commands to the device and reset the administrative password.

It was later reported by other users that the same backdoor was present in multiple devices from Cisco, Netgear, Belkin, and other manufacturers (first article - above). On many devices this undocumented interface can only be accessed from the local or wireless network, but on some devices it is also accessible from the Internet.

Cisco identified the vulnerability in its WAP4410N Wireless-N Access Point, WRVS4400N Wireless-N Gigabit Security Router and RVS4000 4-port Gigabit Security Router. The company is no longer responsible for Linksys routers, as it sold that consumer division to Belkin early last year.

The vulnerability is caused by a testing interface that can be accessed from the LAN side on the WRVS4400N and RVS4000 routers and also the wireless network on the WAP4410N wireless access point device.

“An attacker could exploit this vulnerability by accessing the affected device from the LAN-side interface and issuing arbitrary commands in the underlying operating system,” Cisco said in an advisory published Friday. “An exploit could allow the attacker to access user credentials for the administrator account of the device, and read the device configuration. The exploit can also allow the attacker to issue arbitrary commands on the device with escalated privileges”: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd

The company noted that there are no known workarounds that could mitigate this vulnerability in the absence of a firmware update.

The SANS Internet Storm Center, a cyber threat monitoring organization, warned at the beginning of the month that it detected probes for port 32764 TCP on the Internet, most likely targeting this vulnerability: https://isc.sans.edu/diary/Scans+Increase+for+New+Linksys+Backdoor+%2832764TCP%29/17336

(PCW)
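One way to look for the port 32764 TCP probes mentioned above in your own firewall logs, separating sources on the local network from sources on the Internet. This is an added example, not part of the original post or of the SANS tooling; it assumes iptables-style `KEY=value` log lines, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; addresses are private or documentation ranges.
SAMPLE_LOG = """\
Jan 14 18:01:02 gw kernel: FW IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=32764 SYN
Jan 14 18:01:05 gw kernel: FW IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40113 DPT=32764 SYN
Jan 14 18:02:11 gw kernel: FW IN=br0 OUT= SRC=192.168.1.23 DST=192.168.1.1 PROTO=TCP SPT=51500 DPT=32764 SYN
Jan 14 18:03:40 gw kernel: FW IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.10 PROTO=UDP SPT=5000 DPT=32764
Jan 14 18:04:00 gw kernel: FW IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.10 PROTO=TCP SPT=5001 DPT=443 SYN
"""

# RFC 1918 ranges are listed explicitly: ipaddress.is_private would also
# match documentation ranges and misclassify the sample Internet sources.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"(\w+)=(\S*)")
BACKDOOR_PORT = "32764"  # TCP port named in the post

def probes_by_origin(log_text):
    """Return {'internet': Counter, 'local': Counter} of sources hitting TCP/32764."""
    hits = {"internet": Counter(), "local": Counter()}
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != BACKDOOR_PORT:
            continue
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # malformed or missing source; skip rather than guess
        origin = "local" if any(src in net for net in LOCAL_NETS) else "internet"
        hits[origin][str(src)] += 1
    return hits

if __name__ == "__main__":
    for origin, counter in probes_by_origin(SAMPLE_LOG).items():
        for src, count in counter.most_common():
            print(f"{origin:8} {src:15} {count} attempt(s)")
```

Hits from the Internet side show the port is being probed from outside; hits from a local address mean a device on your own network is trying the port and is worth investigating.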
Posted by: Samker
« on: 14. January 2014., 18:29:20 »


Asus is now distributing a firmware update that will change the default security settings on its broadband routers after files on thousands of external hard drives were found easily accessible over the Internet.

The problem was reported last week and stems from how Asus’ routers are configured. Access to an external hard drive that’s been attached to a router’s USB port via FTP can be activated manually or by using a wizard, but both leave the router open by default.

As a result, the files of users in Europe and the U.S. were found accessible via the Internet, according to industry experts and tests conducted by PC World Norway and TechWorld Sweden.

After being questioned about the problem, Asus decided to develop a firmware update to fix the issue, which is now being distributed via its website and directly from the router user interface.

“The update changes the default security setting from unlimited to limited access rights when setting up a FTP server. This change will ensure that the end user doesn’t leave their FTP server unprotected by mistake and also make it easier to understand the implications of the different security options,” the company said in a statement.

There is now a warning that it’s possible to access files via FTP without entering a password when a user has chosen the limitless access setting, according to Asus.

The update has already been released for the RT-AC68U router: https://www.asus.com/Networking/RTAC68U/#support , and will this week also become available for the RT-AC56U, RT-AC66U, RT-N66U and RT-N16 routers. Remaining routers will be updated next week, Asus said.

(PCW)
Posted by: devnullius
« on: 07. January 2014., 23:38:01 »

Good, I'm not on the list :)

Thanx for clarification!
Posted by: jheysen
« on: 07. January 2014., 23:20:18 »

If you go into the git repo, you can run the python script, or look into the documents and see which models have already been tested and if they were found vulnerable or not, but as I see things, looks like all routers made by that company carry the vulnerability...
Also, look at the open letter to journalists.. :p
Posted by: devnullius
« on: 07. January 2014., 23:13:06 »

Is there a testlink I overlooked?? Been tabbing like crazy @ the moment...

 ::)
Posted by: jheysen
« on: 07. January 2014., 22:29:32 »

Yay, my router doesn't have the vulnerability :p
But I found it strange to leave such a big security hole in the FW... maybe it was a test service that slid into production?
Posted by: devnullius
« on: 07. January 2014., 21:47:42 »

Good thing for auto firmware updates  8)
Posted by: Samker
« on: 07. January 2014., 20:52:03 »



The new year begins as the old year ended: with yet more vulnerabilities turning up in consumer-grade DSL modems.

A broad hint for any broadband user would be, it seems, to never, ever enable any kind of remote access to the device that connects you to the Internet. However, the hack published by Eloi Vanderbeken at github, here: https://github.com/elvanderb/TCP-32764 , resets devices to factory default, enabling a remote attack without the password.

Vanderbeken says the backdoor is confirmed in devices from Cisco (under both Cisco and Linksys brands, the latter since offloaded to Belkin), Netgear, Diamond, LevelOne and OpenWAG. According to a post on HackerNews: https://news.ycombinator.com/item?id=6997159 , the common link between the vulnerable devices is that they were manufactured under contract by Sercomm.

Trying to access a Linksys WAG200G device for which he'd forgotten the password, Vanderbeken noticed the device was listening on Port 32764, an undocumented service noted by other users. Reverse engineering the MIPS code the device's firmware is written in, he says he located a way to send commands to the router without being authenticated as an administrator.

In particular, the backdoor allowed him to brute-force a factory reset without providing a password – meaning that on his next login, he had access to everything.

Vanderbeken's proof-of-concept python code includes reporting on whether the device it's running against is vulnerable or not.

It seems that at least this vulnerability doesn't permit a silent attack: if an outsider ran the code against someone's router, the crash and resulting reset to default passwords would at least alert the victim that something had happened.

(ElReg)