Telindus Router Weak Encryption

2003-02-23T05:42:36
ID OSVDB:4762
Type osvdb
Reporter Elia Florio (eflorio@edmaster.it)
Modified 2003-02-23T05:42:36

Description

Vulnerability Description

Telindus ADSL Routers contain a flaw that may allow a remote attacker to gain administrative access. The issue is due to the use of weak encryption for remote management access. If an attacker can sniff the remote management traffic stream, they could trivially decrypt the traffic to learn the administrative password.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: filter traffic to UDP port 9833.

References:

Vendor URL: http://www.telindus.com/
Other Advisory URL: http://www.securiteam.com/securitynews/5DP0A2K7GY.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-02/0277.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-12/0262.html
Keyword: UDP Port 9833
ISS X-Force ID: 10951
Generic Informational URL: http://www.telindus.com
Bugtraq ID: 6919