Bugtraq mailing list archives
Re: FlowPoint DSL router vulnerability
From: scottd () CLOUD9 NET (Scott Drassinower)
Date: Sat, 7 Aug 1999 12:07:05 -0400
It involves a bug that allows a password recovery feature to be utilized from the LAN or WAN instead of just the serial console port. Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will allow you to get access to the box to do whatever you want. It appears as if the problem started in 3.0.4, but I am not totally certain about that. -- Scott M. Drassinower scottd () cloud9 net Cloud 9 Consulting, Inc. White Plains, NY +1 914 696-4000 http://www.cloud9.net On Thu, 5 Aug 1999, Matt wrote:
The following URL contains information about a firmware upgrade for FlowPoint DSL routers that fixes a possible "security compromise". FlowPoint has chosen not to release ANY information whatsoever about the vulnerability. I was curious if anyone had any more information about this vulnerability than what FlowPoint is divulging. http://www.flowpoint.com/support/techbulletin/sec308.htm thnx -- I'm not nice, I'm vicious--it's the secret of my charm.
Current thread:
- FlowPoint DSL router vulnerability Matt (Aug 05)
- Re: FlowPoint DSL router vulnerability Scott Drassinower (Aug 07)
- <Possible follow-ups>
- Re: FlowPoint DSL router vulnerability Chris Shenton (Aug 06)
- Re: FlowPoint DSL router vulnerability Eric Budke (Aug 10)
- Re: FlowPoint DSL router vulnerability Scott Drassinower (Aug 10)
- Re: FlowPoint DSL router vulnerability Peter Radcliffe (Aug 10)
- Re: FlowPoint DSL router vulnerability Chris J Burris (Aug 10)
- Re: FlowPoint DSL router vulnerability shusaku (Aug 10)
- Re: FlowPoint DSL router vulnerability Scott Drassinower (Aug 10)