Re: [Bulk] Re: D-Link DSL routers authentication bypass

[Francesco Orro <francesco.orro () akhela com>]

I found this vulnerability for my job last March. I immediately tried to 
contact D-Link since i didn't trust the e-mail for ordinary technical 
support. At the beginning of May I managed to submit to D-Link the 
vulnerability and I received an answer as you find in the advisory.

Bye
Francesco Orro


Luis Peralta wrote:
> On 5/19/05, Francesco Orro <francesco.orro () akhela com> wrote:
>
> > ====================== SUMMARY ========================
> >
> >  Title: D-Link DSL routers authentication bypass
> >  Date: 19 May 2005
> >  Author: Francesco Orro <francesco.orro 4t akhela.com>
>
>
> > =================== DISCLOSURE HISTORY =====================
> >
> > 2 May 2005 - First private release of this advisory;
> > 4 May 2005 - The vendor (D-Link Mediterraneo S.r.l.) has been informed
> >  of the vulnerability;
> > 5 May 2005 - The vendor replid that the problem was resolved on
> >  firmware version V1.00B02T02.EU.20040610, but has been
> >  demostrated that this version is vulnerable too;
> > 19 May 2005 - Public release of this advisory.
>
>
> Hi,
>
>  I notified D-Link (soporte () dlink es) about this issue (I only checked
> it on G604T models) on April 11th. The bug does not only allow to
> download the configuration file, but to completely trojanize the
> device by means of custom firmware uploading. I gave D-Link a two
> month grace period to fix the issue.
>
>  Regards,
> --
> Luis Peralta
> http://spisa.act.uji.es/~peralta

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/