Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

gigafast.txt

🗓️ 26 Feb 2005 00:00:00Reported by Gary H. Jones IIType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 37 Views

Gigafast router has critical firmware vulnerabilities allowing unauthorized access to admin passwords.

Code
`This router is/was widely sold in CompUSA stores. It is a Gigafast router,  
re-branded as a CompUSA router.  
  
All firmware versions are affected.  
When reported to the manufacturer on 5/13/04, I had received a response  
stating that the information would be passed on to firmware developer.  
Almost a year has passed and no fix is currently available.  
  
Bug #1  
The router has a login page; however, this may easily be bypassed. If one  
was to make a request to http://ROUTER/backup.cfg, it would contain some of  
the routers preferences, including the administrator password in plain-text.  
  
Anyone may access this file on the LAN by default. If remote administration  
is enabled, any individual on the internet would be able to download this  
configuration file and see the administrator password.  
  
Bug #2  
If the DNS proxy option is turned on, it is possible to interrupt  
connectivity by sending malformed DNS queries. Once the router receives the  
malformed DNS queries, it will not work until a cold boot has been  
performed. This bug can only be produced within the LAN.  
  
-----------------------------------------------------  
Gary H. Jones II  
PointBlankSecurity.com  
  
  
  
-----BEGIN PGP PUBLIC KEY BLOCK-----  
Version: GnuPG v1.2.1 (MingW32) - WinPT 0.7.96rc1  
  
mIsEQfFmagEEANqJwfxGkm69Mb8bEalnXw5W4FrwEsa6CZHBRfSWV2LaJ2kT3pVh  
ed4E8Ge9VV/vjCSbEcNrwwrrWklCBzlm9+MUeSOjIWtmScxhC1gNZuieEdH1G2VK  
f+30cypHn7nVKdd6NfxbceQUyDJ1/6xltHoDtQKYA0Y8Mev3kt78rqo/AAYptC1H  
YXJ5IEggSm9uZXMgSUkgPGdhcnlAcG9pbnRibGFua3NlY3VyaXR5LmNvbT6IsgQT  
AQIAHAUCQfFmagIbAwQLBwMCAxUCAwMWAgECHgECF4AACgkQ+snYOPAe5vYwrgQA  
npV1QcELTeISYnD2/fX6b9tNaRet5RGPcZ7hAYiVRpCpDHzriJOGuOnTbLfX0vW3  
EDs7YMtLZQmn/gAvK7wH5/EKrkVt3BrZUFaglPIH0Dk3Otsx4AGIfrFJlD2hOcO8  
/QGgYEix8plsKtz3kAu8MvO0o2axV7GnuMyPHvJJap0=  
=SZ3h  
-----END PGP PUBLIC KEY BLOCK-----  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Feb 2005 00:00Current
7.4High risk
Vulners AI Score7.4
gigafast routerfirmware vulnerabilitiesunauthorized accessdns proxy issuesconfiguration file access.
37