Hawking Technology wireless router WR254-CA DNS issue

Risk: High
Local: No
Remote: Yes
CWE: CWE-Other

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Hi,

I have discovered a security issue with the Hawking Technology wireless router, model WR254-CA. Since they are still available on the market, I think it will be good to warn the community.

This router contains a DNS address hardcoded in the firmware. At least when used in DHCP mode, the set of DNS IP addresses coming from the ISP does NOT override this hardcoded IP address. The router takes only the first real DNS IP address and puts it in second place on its list. Because of this, the hardcoded address is used first when you try to resolve a hostname through the router (it sends its own IP address over DHCP to the machines in the local network, so it is the typical case).

I have discovered that a similar issue was reported against the Zyxel P2000W VoIP phone by Shawn Merdinger some time ago - it was exactly the same hardcoded IP address.

I have attempted to contact Hawking Tech technical support, but after exchanging a couple of emails (they could not understand why I consider this a problem) they stopped answering. Finally, I got the answer that "I think it is hard coded inside the router, in case no DNS server obtain by the DHCP, you still can browse the internet.".

I would suggest staying away from this product, checking other similar products from this company, and using a static DNS configuration if you actually have this router.

In addition to the danger of having an untrusted DNS server used without your explicit permission, there is something strange happening with this DNS server (dns.seed.net.tw). Sometimes I see that some well-known host names get resolved into wrong IP addresses (about 2-3 weeks ago they had trouble with *.google.com). It may be just a bug or an attempt to do something more interesting. Anyway, it is a separate problem.

--
Nikolai Grigoriev
(514) 909-7846
(514) 260-6402

