Vulnerability Development mailing list archives
Re: exploiting printers, home routers & smb routers
From: Stan Bubrouski <stan () ccs neu edu>
Date: Thu, 22 Aug 2002 11:45:07 -0400
chrisd () cissmb pointclark net wrote:
I read the black hat presentation on exploiting printers: http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-phenoelit-network.pdf , good stuff & a real eye opener! I started thinking ..., I'm no hardware expert but couldn't this be modified & applied to all the home & small business routers ??? (linksys, smc, d-link, etc ...) As we all know so many of them are: - can be configured through a web interface - their default config is not changed - are accessible through inet (lack of config) - keep their default accounts (lack of config) - new firmware can be uploaded
Indeed, Which is why there are advisories all the time about such problems in cable modems and routers and switches. But Netgear RPXXX series routers etc... do not have the admin interface enabled on anything but the LAN, nor do most have SNMP at all. Linksys routers are the same by default, limited to the LAN for ocnfiguration connections, althought they have other problems yet to be addressed. For home DSL/Cable routers the biggest problem I see at the moment that is still a general problem is that many come with default logins and default SNMP communities. -Stan
My question, could something similar to exploiting printers be done to routers or would the hardware be totally incompatible ? ch,
Current thread:
- exploiting printers, home routers & smb routers chrisd (Aug 22)
- Re: exploiting printers, home routers & smb routers Stan Bubrouski (Aug 22)
- Re: exploiting printers, home routers & smb routers hellNbak (Aug 22)
- RE: exploiting printers, home routers & smb routers Nick Iglehart (Aug 22)
- Re: exploiting printers, home routers & smb routers FX (Aug 23)
- <Possible follow-ups>
- Re: exploiting printers, home routers & smb routers Peter Gutmann (Aug 22)