Full Disclosure mailing list archives

Re: RomPager ShellShock RCE Vulnerability?


From: 1n3 () hushmail com
Date: Sat, 26 Sep 2015 12:21:24 -0400

Here is the full ModSecurity log entry. I've also posted full details
on my blog here:
https://crowdshield.com/blog.php?name=rompager-shellshock-rce-0day
MODSECURITY LOGS:
==> /var/log/apache2/error.log   in a number of common routers which
may allow full control of affected devices. I haven't found an existing
 vulnerability for this and this appears to be a new trend in my
 ModSecurity logs. Hoping to get some feedback from the community and
 see if anyone can confirm...
 After researching RomPager, it appears to be the underlying web server
 used by a number of common routers which are listed below.

 VULNERABLE DEVICES:
 # AirLive WT-2000ARM
 # D-Link DSL-2640R
 # Huawei 520 HG
 # Huawei 530 TRA
 # Pentagram Cerberus P 6331-42
 # TP-Link TD-8816
 # TP-Link TD-W8901G
 # TP-Link TD-W8951ND
 # TP-Link TD-W8961ND
 # ZTE ZXV10 W300
 # ZynOS
 # ZyXEL ES-2024
 # ZyXEL Prestige P-2602HW

 MODSECURITY LOGS:
 ==> /var/log/apache2/error.log

 _______________________________________________
 Sent through the Full Disclosure mailing list
 https://nmap.org/mailman/listinfo/fulldisclosure
 Web Archives & RSS: http://seclists.org/fulldisclosure/
