Bugtraq mailing list archives
Re: Medium security hole affecting DSL-G624T
From: Tim Brown <timb () nth-dimension org uk>
Date: Thu, 3 May 2007 22:50:40 +0100
On Thursday 03 May 2007 22:13:15 3APA3A wrote:
> This vulnerability for D-Link DSL-G624T was already reported by Jose Ramon Palanco. See http://securityvulns.ru/Odocument816.html
>
> Previously, the same problem was reported for D-Link DSL-G604T by Qex http://securityvulns.ru/Mdocument578.html
>
> There were also a few more problems reported about /cgi-bin/webcm, see
> http://securityvulns.ru/Idocument664.html
> http://securityvulns.ru/Idocument759.html
I quite agree, the Summary of my attached advisory makes this point. However, as I also point out in the Solutions section, all of the issues you list were against major version 1 of the firmware. We're now at major version 3 and directory traversal is still a problem.

Moreover, the advisories that cover directory traversal (http://securityvulns.ru/Mdocument578.html and http://securityvulns.ru/Mdocument578.html) only talk about /etc/passwd, neglecting the fact that the web server runs as root and that /etc/shadow is therefore available.

Secondly, the JavaScript injection issue described is as far as I know /entirely new/. It's not a short walk to the point where these two issues alone could be used to compromise devices, irrespective of the firmware issues you also link to.

Maybe I'm hoping that by version 10 of the firmware in the year 2014, D-Link may actually manage to fix some of these reported problems? Moreover, maybe they'll actually make it possible for researchers to report these things in a manner whereby they actually respond to the reports when contacted. Not holding my breath though.

Tim
--
Tim Brown
<mailto:timb () nth-dimension org uk>
<http://www.nth-dimension.org.uk/>