ECIrouter.txt

2005-07-28T00:00:00
ID PACKETSTORM:38901
Type packetstorm
Reporter D
Modified 2005-07-28T00:00:00

Description

                                        
                                            `Title: ECI router verification bypass and DoS  
Date: 24/07/2005  
Impact: Login verification bypass  
Vendor Status: Not contacted (they were mean to me)  
  
Overview:  
  
The B-FOCuS Router 312+ provides users with a reliable and secured  
ADSL2+ connection to the Internet. The 312+ has a single Ethernet port  
10/100 and can support either a single computer or multiple computers  
sharing a single ADSL2+ line when connecting to a switch. The router's  
internal stateful inspection firewall protects the user's PC from  
hackers and unwelcome intrusions.  
(Tested on the B-FOCuS Router 312+; presumably works on all ECI routers/products.)  
  
Vulnerability:  
  
By default the ECI router exposes a management interface over HTTP.  
The interface is protected by a login screen.  
This screen can easily be bypassed by requesting the firmwarecfg page  
in the unprotected cgi-bin directory.  
The page provides a way to download the router's current settings,  
including connection passwords and management passwords,  
in plaintext.  
The page also provides a means to reset the modem, so a denial-of-service  
attack can be carried out by making the modem reset constantly.  
Furthermore, the page provides facilities to upload new firmware.  
  
Affected Version:  
  
All ECI routers  
Tested on ECI B-FOCuS Router 312+  
  
PoC:  
http://10.0.0.138/cgi-bin/firmwarecfg  
  
Credits:  
  
Credits for this vulnerability go to D  
D.is.evil[-A-t-]gmail.com  
  
Comments:  
Seeking work (in Israel)  
`
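
Detection sketch for the issue described under "Vulnerability" above. This is an added example, not part of the original advisory: it flags requests for the firmwarecfg page and clients that request it repeatedly. It assumes HTTP traffic to the router is logged in Common Log Format by a proxy or sensor; the admin host address, the thresholds and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from posixpath import normpath
from urllib.parse import unquote

SENSITIVE_PATH = "/cgi-bin/firmwarecfg"   # path named in the advisory
ADMIN_HOSTS = {"10.0.0.5"}                # assumption: only host allowed to manage the router
BURST_COUNT = 3                           # assumption: this many hits ...
BURST_WINDOW = timedelta(minutes=5)       # ... inside this window suggests a reset loop
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

SAMPLE_LOG = [  # constructed lines in Common Log Format
    '10.0.0.5 - - [28/Jul/2005:09:00:00 +0300] "GET /cgi-bin/firmwarecfg HTTP/1.1" 200 5120',
    '10.0.0.23 - - [28/Jul/2005:09:10:01 +0300] "GET /index.html HTTP/1.1" 200 812',
    '10.0.0.23 - - [28/Jul/2005:09:10:05 +0300] "GET /cgi-bin/firmwarecfg HTTP/1.1" 200 5120',
    '10.0.0.23 - - [28/Jul/2005:09:11:00 +0300] "GET /cgi-bin//firmwarecfg HTTP/1.1" 200 64',
    '10.0.0.23 - - [28/Jul/2005:09:12:30 +0300] "GET /cgi-bin/%66irmwarecfg?x=1 HTTP/1.1" 200 64',
    '10.0.0.40 - - [28/Jul/2005:11:00:00 +0300] "GET /CGI-BIN/firmwarecfg HTTP/1.1" 200 5120',
]

def canonical_path(target):
    """Drop the query string, percent-decode, collapse '//' and dot segments, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return normpath("/" + path.lstrip("/")).lower()

def scan(lines):
    """Return (alerts, bursts): each non-admin request for the page, and clients that hammer it."""
    alerts, seen = [], defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        client, stamp, method, target, status = m.groups()
        if canonical_path(target) != SENSITIVE_PATH or client in ADMIN_HOSTS:
            continue
        alerts.append((client, method, target, int(status)))
        seen[client].append(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"))
    bursts = []
    for client, times in seen.items():
        times.sort()
        # Sliding window: BURST_COUNT consecutive hits that fit inside BURST_WINDOW.
        if any(times[i + BURST_COUNT - 1] - times[i] <= BURST_WINDOW
               for i in range(len(times) - BURST_COUNT + 1)):
            bursts.append(client)
    return alerts, sorted(bursts)

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Paths are normalised before comparison so that doubled slashes, percent-encoding, query strings and case changes do not slip past the match; whether the device itself accepts such variants is not stated in the advisory.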