
SMCwhoops.txt

Date: 03 May 2004 00:00:00 | Reported by: user86 | Type: packetstorm | Source: packetstormsecurity.com

SMC broadband routers have default remote access on port 1900, which can be exploited easily.

Code
`Tested Model: 7008ABR (part number 750.9814 with firmware 1.032 installed)  
Confirmed by another person on: 7004VBR (version 1, firmware 1.231)  
Others may be vulnerable.  
  
SMC broadband routers ship with remote administration enabled by default on  
port 1900 on the WAN side of the router. If you just pull one out of the box,  
plug it into your internet connection, go through the "Setup Wizard" and do  
nothing beyond that point, port 1900 is open on the router and completely  
passwordless. ANY arbitrary person can visit http://1.2.3.4:1900/ (where  
"1.2.3.4" is the router's external IP address), hit "Login" and have full  
control of the router. This may allow an arbitrary person to expose the very  
machines being protected by the router.  
  
Steps to reproduce:  
1. Reset the router to factory defaults, either by logging onto its remote   
administration page at http://192.168.2.1/ and clicking "Advanced Setup" then   
"Tools" then "Configuration Tools" then choosing "Restore barricade to factory   
defaults" and clicking "Next", or by holding down the router's reset button   
with a paper clip for 30 seconds.  
  
2. After the router has been reset to factory defaults, visit its   
administration page at http://192.168.2.1/  
  
3. Click "login"  
  
4. Click "Setup Wizard" then "Next"  
  
5. Choose the appropriate connection type you have.  
  
6. When it is "connected" and you can web browse on the internet just fine   
behind it, go back to the router's administration page at http://192.168.2.1/  
  
7. Click "Advanced Setup" then "Status" and write down the router's WAN IP   
address. (for example 1.2.3.4)  
  
8. Now using a computer that has a different external IP address (another   
machine on the internet), visit the router's port 1900 in your web browser   
http://1.2.3.4:1900/  
  
You are then greeted with a login prompt. Click "Login" and you have full   
control of the router remotely. While you are there, click "Advanced Setup"   
and then "System" then "Remote Management" and you can verify "Remote   
Management" is supposedly disabled yet somehow you are *remotely* managing   
the device.  
  
  
There are two workarounds:  
1. Enable the router's firewall in its "Advanced Setup"  
  
2. Forward port 1900 of the router to a non-existent internal IP address   
(such as 192.168.2.248 if it isn't in use).  
`
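
To confirm that either workaround actually closed the exposure, the check from step 8 can be scripted and run from a host outside the LAN against your own router's WAN address. This is an added example, not part of the original advisory; the function names and state labels are assumptions of the example.

```python
import socket
import sys

ADMIN_PORT = 1900  # WAN-side administration port named in the advisory


def probe_admin_port(host, port=ADMIN_PORT, timeout=5.0):
    """Classify the port as 'closed', 'filtered', 'open-no-http' or 'open-http'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"          # RST received: nothing is listening
    except OSError:
        return "filtered"        # timeout or unreachable: packets dropped
    with sock:
        try:
            request = "GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % host
            sock.sendall(request.encode("ascii"))
            banner = sock.recv(64)
        except OSError:
            banner = b""         # accepted the connection but never answered
    # Any HTTP status line means a web interface answered on the port.
    return "open-http" if banner.startswith(b"HTTP/") else "open-no-http"


def workaround_effective(state):
    """Only a port that no longer accepts connections counts as fixed."""
    return state in ("closed", "filtered")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_wan_1900.py <your-router-WAN-IP>")
    state = probe_admin_port(sys.argv[1])
    print("TCP/%d on %s: %s" % (ADMIN_PORT, sys.argv[1], state))
    sys.exit(0 if workaround_effective(state) else 1)
```

Run it once before and once after applying a workaround; the exit status is non-zero while the port still accepts connections, so it can be used in a scheduled check after firmware resets.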

Vulners AI Score: 7.4 (High risk)