UnMateria reports a vulnerability in the well-known Zyxel Prestige 650HW-31 router. When the configuration is accessed over HTTP, the router asks for a username and password. If a very long string ("really big string") is entered as the password, the router resets, leaving the victim offline for a few minutes until it resynchronizes. The issue affects routers with the embedded web server RomPager/4.07.
The solution for the moment is to add filters that block HTTP access from outside our LAN.
This is the message sent by UnMateria to Security Tracker:
Hi out there... seems like all embedded rompager servers are not very well
designed... so here is another bug, an overflow in the authentication process
in Zyxel Prestige 650HW-31 (a DSL router very sold in Spain). Just connect
to the router via HTTP and with any username... post a really big string
like a password (I didn't measure how many chars there)... the router will
reset itself and will resynchronize DSL for itself after the reset. The
version of rompager is (I took it from the http header with a sniffer cos I
don't have access to the router so it's maybe not correct) : RomPager/4.07
Solution.... like always, put filters on at least telnet and HTTP services.
The manual to setup the filters is in Zyxel homepage so please... download
it if you have any doubt about this :-)
UnMateria