This buffer overflow exploit is effective against the 3Com OfficeConnect Remote 840 SDSL router, as well. NorthPoint Communications (and probably other ISPs) resold this router in some areas of the U.S.

When I tested it, the router ceased to function and its LEDs began flashing, but it did not automatically reset - I had to disconnect and reconnect the power cable.

I tested this with software version 1.0.7, firmware 4.2. (The router model number is 3c840-US.)

The unprotected adsl_pair_select and adsl_reset problems aren't present on the 840.

3Com helpfully provides no e-mail support for this product, and their telephone support group was unable to find any support information for it...

--
James Renken, System Administrator
jrenkenat_private
Sandwich.Net Internet Services
http://sandwich.net/
760-729-4609

On Tue, 15 May 2001, inc wrote:

> Yesterday night I discovered a vulnerability. The router is a 3COM
> OfficeConnect 812 and the vulnerability is on the HTTP server, on port 80.

(snip)

> http://192.168.1.254/graphics/sml3com%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%
> s%s%s%s%s%s%s%s%s%%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
> %s%s%s%s%s%s%s
>
> ...the router causes an NMI, red lights, flashing lights... and it's dead...
> it disconnects and comes online again in a minute.

(snip)

> ANNEX:
>
> http://192.168.1.254/adsl_pair_select
> http://192.168.1.254/adsl_reset
>
> Very unsecure for strangers ;-)... the server here doesn't ask for password
> so you can't reset the router from the own web (and without credentials)
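The following is an added detection example, not part of either message above: a filter for web-proxy or IDS logs that flags request paths carrying runs of printf-style specifiers (raw or percent-encoded) and unauthenticated requests to the two management paths named in the quoted post. The function name, the threshold of 3 and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# printf-style conversion such as %s, %x, %08x, %n (checked after one decoding pass)
FORMAT_SPEC = re.compile(r"%[0-9.#+\-l]*[diouxXscpn]")
# '%' not followed by two hex digits is not a valid RFC 3986 percent-escape
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")
# State-changing paths the quoted post reports as reachable without a password
SENSITIVE_PATHS = {"/adsl_pair_select", "/adsl_reset"}
SPEC_THRESHOLD = 3  # assumed cut-off: a single stray "%d" can occur in benign text


def inspect_request(target: str, authenticated: bool) -> list[str]:
    """Return the list of findings for one HTTP request target."""
    findings = []
    path = urlsplit(target).path      # ignore the query string and host part
    decoded = unquote(path)           # invalid escapes such as %s are left as-is
    if len(BAD_ESCAPE.findall(path)) >= SPEC_THRESHOLD:
        findings.append("malformed-percent-escapes")
    if len(FORMAT_SPEC.findall(decoded)) >= SPEC_THRESHOLD:
        findings.append("format-specifier-run")
    if decoded.rstrip("/") in SENSITIVE_PATHS and not authenticated:
        findings.append("unauthenticated-management-path")
    return findings


# Constructed sample requests: (request target, carried valid credentials?)
SAMPLES = [
    ("/graphics/sml3com" + "%s" * 20, False),
    ("/graphics/sml3com" + "%25s" * 20, False),   # same path, percent-encoded
    ("http://192.168.1.254/adsl_reset", False),
    ("/adsl_reset", True),
    ("/files/report%20final%20v2.pdf", False),
    ("/index.html?promo=50%25discount", False),
]

if __name__ == "__main__":
    for target, authed in SAMPLES:
        hits = inspect_request(target, authed)
        print(("ALERT " if hits else "ok    ") + target[:48], hits)
```

Placed in front of the router's management interface (or run over existing proxy logs), the same checks show whether anything on the LAN is sending such requests; restricting port 80 on the device to a management host remains the actual mitigation.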
This archive was generated by hypermail 2b30 : Wed May 16 2001 - 02:04:52 PDT