Type packetstorm
Reporter D
Modified 2005-07-28T00:00:00


                                            `Title: ECI router verification bypass and DoS  
Date: 24/07/2005  
Impact: Log in verification bypass  
Vendors Status: Not contacted (they were mean to me)  
The B-FOCuS Router 312+ provides users with a reliable and secured  
ADSL2+ connection to the Internet. The 312+ has a single Ethernet port  
10/100 and can support either a single computer or multiple computers  
sharing a single ADSL2+ line when connecting to a switch. The router's  
internal stateful inspection firewall protects the user's PC from  
hackers and unwelcome intrusions.  
(Tested on B-FOCuS Router 312+ presumably works on all eci routers\products)  
By default the eci router has a management interface available via http  
The interface is protected by a log in screen  
This screen can be easily bypassed by accessing the firmwarecfg page  
in the unprotected cgi-bin directory  
the page provides a way of downloading the routers current settings  
including connection passwords and management passowrds  
in plaintext  
also this page provides a means to reset the modem thus executing a  
denial a service attack by making the modem reset constantly  
furthermore the page provides facilities to upload new firmware  
Affected Version:  
All ECI routers  
Tested on ECI B-FOCuS Router 312+  
Credits for this vulnerability goes to D[-A-t-]  
Seeking work (in Israel)