OSVDB ID: 9223

Title: Network Everywhere NR041 Router DHCP HOSTNAME Script Injection

Dates

Disclosure: Aug 25, 2004
Discovery: Aug 13, 2004
Exploit: Aug 25, 2004
Solution: Unknown

Description

Network Everywhere's NR041 Router contains a flaw that may allow a malicious user to inject code into the web-based administrative interface by sending a specially crafted DHCP packet with a modified DHCP HOSTNAME. The issue is triggered when an administrator accesses the logs via the web-based interface, at which point their browser interprets the injected code. It is possible that the flaw may allow a remote attacker to take control of the administrator's session, resulting in a loss of integrity or availability.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): do not view logs via the web-based interface. Also, as the DHCP HOSTNAME can only be injected by an attacker on the local network, monitoring for spurious DHCP packets is advisable.
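
One way to implement the monitoring workaround, as an added example that is not part of the original entry or any vendor code: a Python check that extracts option 12 (host name) from a captured DHCP payload and flags values outside the RFC 1123 host name character set, which is where injected markup would appear. The function names and the sample packets are constructed for illustration.

```python
import re

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
OPT_PAD, OPT_HOSTNAME, OPT_END = 0, 12, 255
# RFC 1123 host names: letters, digits, hyphen and dot; must start and end alphanumeric.
SAFE_HOSTNAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,253}[A-Za-z0-9])?")

def dhcp_hostname(payload):
    """Return the raw option 12 value from a BOOTP/DHCP (UDP) payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None                   # not DHCP: fixed header is 236 bytes + cookie
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:           # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                     # truncated: code byte without a length
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            break                     # truncated option body
        if code == OPT_HOSTNAME:
            return value
        i += 2 + length
    return None

def is_suspicious(payload):
    """True when a host name is present but is not a plain RFC 1123 name."""
    name = dhcp_hostname(payload)
    if name is None:
        return False
    try:
        text = name.decode("ascii")
    except UnicodeDecodeError:
        return True
    return SAFE_HOSTNAME.fullmatch(text) is None

def build_sample(hostname):
    """Constructed test packet: zeroed header, message type option, host name."""
    opts = bytes([53, 1, 1, OPT_HOSTNAME, len(hostname)]) + hostname + bytes([OPT_END])
    return bytes(236) + MAGIC_COOKIE + opts
```

Clients that send underscores or other non-RFC characters in their host names will also be flagged, so treat a hit as a prompt to inspect the sending device rather than as proof of an attack.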

Products

Network Everywhere

NR041 Cable/DSL 4-port Router

1.2 Release 03

References

Credit

  • Mathieu Lacroix - Daemonz [at] videotron.ca


Direct URL: http://osvdb.org/36218