gigafast.txt

2005-02-26T00:00:00
ID PACKETSTORM:36252
Type packetstorm
Reporter Gary H. Jones II
Modified 2005-02-26T00:00:00

Description

                                        
                                            `This router is/was widely sold in CompUSA stores. It is a Gigafast router,  
re-branded as a CompUSA router.  
  
All firmware versions are affected.  
When reported to the manufacturer on 5/13/04, I had received a response  
stating that the information would be passed on to firmware developer.  
Almost a year has passed and no fix is currently available.  
  
Bug #1  
The router has a login page; however, this may easily be bypassed. If one  
was to make a request to http://ROUTER/backup.cfg, it would contain some of  
the routers preferences, including the administrator password in plain-text.  
  
Anyone may access this file on the LAN by default. If remote administration  
is enabled, any individual on the internet would be able to download this  
configuration file and see the administrator password.  
  
Bug #2  
If the DNS proxy option is turned on, it is possible to interrupt  
connectivity by sending malformed DNS queries. Once the router receives the  
malformed DNS queries, it will not work until a cold boot has been  
performed. This bug can only be produced within the LAN.  
  
-----------------------------------------------------  
Gary H. Jones II  
PointBlankSecurity.com  
  
  
  
-----BEGIN PGP PUBLIC KEY BLOCK-----  
Version: GnuPG v1.2.1 (MingW32) - WinPT 0.7.96rc1  
  
mIsEQfFmagEEANqJwfxGkm69Mb8bEalnXw5W4FrwEsa6CZHBRfSWV2LaJ2kT3pVh  
ed4E8Ge9VV/vjCSbEcNrwwrrWklCBzlm9+MUeSOjIWtmScxhC1gNZuieEdH1G2VK  
f+30cypHn7nVKdd6NfxbceQUyDJ1/6xltHoDtQKYA0Y8Mev3kt78rqo/AAYptC1H  
YXJ5IEggSm9uZXMgSUkgPGdhcnlAcG9pbnRibGFua3NlY3VyaXR5LmNvbT6IsgQT  
AQIAHAUCQfFmagIbAwQLBwMCAxUCAwMWAgECHgECF4AACgkQ+snYOPAe5vYwrgQA  
npV1QcELTeISYnD2/fX6b9tNaRet5RGPcZ7hAYiVRpCpDHzriJOGuOnTbLfX0vW3  
EDs7YMtLZQmn/gAvK7wH5/EKrkVt3BrZUFaglPIH0Dk3Otsx4AGIfrFJlD2hOcO8  
/QGgYEix8plsKtz3kAu8MvO0o2axV7GnuMyPHvJJap0=  
=SZ3h  
-----END PGP PUBLIC KEY BLOCK-----  
  
`