SecurityTracker.com
SecurityTracker Archives

Category:   Device (Router/Bridge/Hub)  >   Ericsson Modem
Vendors:   Ericsson
Ericsson ADSL Modem Web Management Interface Grants Access to Any Remote User
SecurityTracker Alert ID:  1006074
SecurityTracker URL:  http://securitytracker.com/id/1006074
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Mar 23 2004
Original Entry Date:  Feb 11 2003
Impact:   Root access via network
Exploit Included:  Yes  
Version(s): Model HM220dp
Description:   An authentication vulnerability was reported in the Ericsson HM220dp ADSL Modem. A remote user can access the device via the web-based interface.

It is reported that the device's web interface does not and cannot authenticate remote users. In some versions, the web administration page may only be accessible via the local area network (LAN).

The vendor has reportedly been notified.

Impact:   A remote user can access the web management interface.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.ericsson.com/homeproducts/broadbandmodem/adsl_hm220d_spec.shtml
Cause:   Authentication error

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Vendor Confirms) Re: Ericsson ADSL Modem Web Management Interface Grants Access to Any Remote User
The vendor confirms and is working on a fix.
(Vendor Clarifies) Re: Ericsson ADSL Modem Web Management Interface Grants Access to Any Remote User
The vendor has provided some clarifying information.
Mar 23 2004 (An Exploit Method is Described) Ericsson ADSL Modem Web Management Interface Grants Access to Any Remote User
A user has provided an exploit method.



Source Message Contents

Subject:  Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability


Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability 

Discussion: 

Ericsson HM220dp is a small office environment ADSL modem, distributed
by many carriers such as Telecom Italia to thousands of users.
It may be administered remotely through a number of mechanisms,
including a web based interface.
Unfortunately, the web interface does not require authentication
and does not give the possibility to require it.
Unauthorized users accessing the web pages may perform a variety of
malicious actions.
Ericsson has, however, forced the modem into "Bridged" mode with a modified
firmware, so the web administration page cannot be accessed from the Internet
but "just" from any user of the LAN.

It is possible that other products of the same series share this
vulnerability.
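The advisory describes a management page that answers without any credential check and cannot be configured to ask for one, with the only mitigation being that the page is reachable from the LAN rather than the Internet. The following self-assessment helper is an added example, not code from the advisory or from Ericsson: an administrator points it at their own device from the LAN and it reports whether the management page is served without any authentication gate. The HM220dp advisory names no page paths or response formats, so the path defaults to "/", the login-form heuristic and the sample responses are constructed, and the classification rules are this example's assumptions.

```python
"""Classify a device's management-page response by whether it gates access.

Added example (not from the advisory). Everything below the imports is
assumed: the advisory gives no paths, headers or page markup.
"""
import re
from urllib import error, request
from urllib.parse import urljoin

# Constructed heuristic: a 200 page containing a password field or a
# user/login input is treated as a login form rather than an open page.
LOGIN_MARKERS = re.compile(
    r'type=["\']?password|<input[^>]+name=["\']?(user|login|pass)', re.I
)


def classify_response(status: int, headers: dict, body: str) -> str:
    """Return 'auth-required', 'login-form', 'blocked', 'unauthenticated' or 'other'.

    status, headers and body are what the management URL returned to a
    request carrying no credentials. Header names are matched case-insensitively.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 401 or "www-authenticate" in hdrs:
        return "auth-required"  # HTTP auth challenge: the device gates access
    if status == 403:
        return "blocked"  # reachable but refused, e.g. by an ACL
    if status in (301, 302, 303, 307, 308):
        target = hdrs.get("location", "")
        return "login-form" if "login" in target.lower() else "other"
    if status == 200:
        return "login-form" if LOGIN_MARKERS.search(body) else "unauthenticated"
    return "other"


class _NoRedirect(request.HTTPRedirectHandler):
    """Surface 3xx responses as HTTPError instead of silently following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


_opener = request.build_opener(_NoRedirect)


def check_interface(base_url: str, path: str = "/", timeout: float = 5.0) -> str:
    """Fetch base_url + path with no credentials and classify the result.

    Network wrapper around classify_response; run it from the LAN against a
    device you administer. path defaults to '/' because the advisory names
    no specific management page (assumption).
    """
    url = urljoin(base_url, path)
    req = request.Request(url, headers={"User-Agent": "mgmt-exposure-check"})
    try:
        with _opener.open(req, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return classify_response(resp.status, dict(resp.headers), body)
    except error.HTTPError as e:
        body = e.read(65536).decode("utf-8", "replace")
        return classify_response(e.code, dict(e.headers), body)


# Constructed sample responses (not captured from any real device).
SAMPLES = {
    "open-page": (200, {"Content-Type": "text/html"},
                  "<html><title>ADSL Modem Setup</title>"
                  "<form action=/apply>...</form></html>"),
    "basic-auth": (401, {"WWW-Authenticate": 'Basic realm="modem"'}, ""),
    "login-page": (200, {"Content-Type": "text/html"},
                   '<form><input name="user"><input type="password" name="pw"></form>'),
    "login-redirect": (302, {"Location": "/login.html"}, ""),
}


def assess_samples(samples=SAMPLES) -> dict:
    """Classify each constructed sample; 'unauthenticated' is the finding to act on."""
    return {name: classify_response(*resp) for name, resp in samples.items()}


if __name__ == "__main__":
    for name, verdict in assess_samples().items():
        print(f"{name}: {verdict}")
```

An "unauthenticated" verdict for a device that, like the HM220dp, cannot be configured to ask for credentials means the only remaining controls are network ones: keep the page off the Internet-facing side and limit which LAN hosts can reach it.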


Solution: 

Ericsson was contacted months ago but is still not providing an
updated firmware version that could prevent the problem, ignoring it.


Credits: 

Davide Del Vecchio would like to thank in primis his love Mara,
his coworkers of the security and monitoring staff @ Banca Mediolanum. 


Disclaimer: 

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event shall
the author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.

Please send suggestions, updates, and comments to:
Davide Del Vecchio - dante@alighieri.org / security@phx.it
www.alighieri.org

Copyright 2021, SecurityGlobal.net LLC