OSVDB ID: 11223 Title: Hawking HAR11A and HAR14A Router Unauthenticated Administrative Access |
Info |
|
|
Dates |
||||
|
|
Description |
ADSL Modem Router HAR11A and 4-port ADSL Modem Router HAR14A contain a flaw that may allow an attacker to obtain access to the router's administrative interface. The issue is triggered when the attacker uses telnet to connect to port 23, 254, or 255. The flaw allows unauthorized access to the router's management interface resulting in a loss of confidentiality. |
Classification |
Location:
Remote/Network Access Required
Attack Type: Authentication Management Impact: Loss of Confidentiality Exploit: Exploit Available Disclosure: OSVDB Verified |
Solution |
Upgrade to firmware version CX82xxx_4.1.0.21 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): 1) Use the "Virtual Host" feature in the modem's browser interface to forward ports 23, 254, and 255 to a nonexistent host (such as "10.0.209.5"). This still allows access from the firewall side of the modem, however. 2) Put the modem into "bridge mode" and do all your NAT, PPPoE, and security from your linux firewall. |
Products |
|
References |
|
Credit |
|
mad.scientist.com -