Flaw in Alice gate2 pluswifi adsl modem

2009-09-06 / 2009-09-07
Credit: wargame89
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Discovered by WarGame/DoomRiderz HomePage: http://vx.netlux.org/wargamevx mail addr: wargame89 (at) yahoo (dot) it [email concealed] Vulnerable device: Alice gate 2 plus wifi Vendor's page: http://aiuto.alice.it/informazioni/modemadsl/alice_gate2adv.html It seems to be possible to disable the wifi encryption using the following url: http://192.168.1.1/cp06_wifi_m_nocifr.cgi?wlChannel=Auto&wlRadioEnable=on This can be done because there is no authentication scheme to access the admin panel of the modem, everyone can access it. Common scenario: The attacker sends to the victim (using emails, IM or IRC) the malicious link and with some social techs makes the victim click on it. After this, the attacker can access the victim's wlan that is now open to everybody. Other devices of the same family could be vulnerable too but I did not test it.

References:

http://xforce.iss.net/xforce/xfdb/39831
http://www.securityfocus.com/bid/27374
http://www.securityfocus.com/archive/1/archive/1/486733/100/200/threaded
http://secunia.com/advisories/28618
http://osvdb.org/40739


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top