DDIVRT-2009-24 Precidia Ether232 Memory Corruption
March 10th, 2009
Digital Defense, Inc. Vulnerability Research Team Credit: Steven James and princeofnigeria and r@b13$
Certain Precidia Ether232 devices contain memory overwrite and authentication flaws.
By making malformed GET requests to the built-in web server on certain Precidia Ether232 devices, it is possible to arbitrarily overwrite memory on the device and cause unknown impact.
At this point in time, Precidia Technologies has not provided a firmware upgrade addressing the memory corruption flaw. As a workaround, Precidia Technologies suggests that users disable the web server on the device through the serial or telnet configuration interface.
Precidia Ether3201-232 w/ firmware 3.00.250 Precidia Ether232 Duo w/ firmware 5.00.02 Other versions are believed to be vulnerable.
Vendor Name: Precidia Technologies Vendor Website: http://www.precidia.com Contact Information: email@example.com, firstname.lastname@example.org