Full Disclosure mailing list archives
Re: RomPager ShellShock RCE Vulnerability?
From: 1n3 () hushmail com
Date: Sat, 26 Sep 2015 12:21:24 -0400
Here is the full ModSecurity log entry. I've also posted full details on my blog here: https://crowdshield.com/blog.php?name=rompager-shellshock-rce-0day MODSECURITY LOGS: ==> /var/log/apache2/error.log in a number of common routers which may allow full control of affected
devices. I haven't found an existing vulnerability for this and
this
appears to be a new trend in my ModSecurity logs. Hoping to get
some
feedback from the community and see if anyone can confirm... After researching RomPager, it appears to be the underlying web
server
used by a number of common routers which are listed below. VULNERABLE DEVICES: # AirLive WT-2000ARM# D-Link DSL-2640R# Huawei 520 HG# Huawei 530
TRA#
Pentagram Cerberus P 6331-42# TP-Link TD-8816# TP-Link TD-W8901G# TP-Link TD-W8951ND# TP-Link TD-W8961ND# ZTE ZXV10 W300# ZynOS#
ZyXEL
ES-2024# ZyXEL Prestige P-2602HW MODSECURITY LOGS: ==> /var/log/apache2/error.log _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- RomPager ShellShock RCE Vulnerability? 1n3 (Sep 25)
- Message not available
- Re: RomPager ShellShock RCE Vulnerability? 1n3 (Sep 27)
- Message not available