3Com® HomeConnect® Cable Modem Denial of Service

["Alex S. Harasic" <aharasic () terra cl>]

INFO:
======================================================
object
class Failure to Handle Exceptional Conditions

remote Yes
local No

vulnerable:     3Com® HomeConnect® Cable Modem External with USB (#3CR29223 --
DISCONTINUED)
Not Tested:     (#3CR29223-A   -- DISCONTINUED)


DISCUSSION:
======================================================
HomeConnect is and External Cable modem manufactured by 3Com, and
distributed by numerous Cable providers.

A problem has been discovered in the cablemodem firmware that could make it
possible for remote users to deny service to legitimate users of this
network hardware.

This hardware has port 80/TCP wide open for the entire network, letting any
user on the internet to access the homepage that it has in it by default.
The problem occurs when a user reaches this page, and making a request of a
file (Existing or not) of more than 100 Characters. This will cause the
modem to Reset in the best case.

EXPLOIT:
=======================================================
http://target3comcablemodem/<AAAAAAAAAAAAAAAAAAAA+100CHARS>  (That is 100
characters)


SOLUTION:
========================================================
As a workaround for this issue, users can filter port 80 of the Cablemodem
Or else, since this modem is discontinued (they no longer make it) you
should just call
your ISP, tell them about the problem and ask to replace the cablemodem for
a newer one.




Alex S. Harasic
aharasic () terra cl