Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Device (Router/Bridge/Hub)  >   B-FOCuS Router Vendors:   ECI Telecom
B-FOCuS Wireless Router Discloses Configuration Files to Remote Users
SecurityTracker Alert ID:  1017145
SecurityTracker URL:
CVE Reference:   CVE-2006-5711   (Links to External Site)
Updated:  Jun 3 2008
Original Entry Date:  Nov 1 2006
Impact:   Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  

Description:   Tal Argoni (LegendaryZion) reported a vulnerability in the B-FOCuS wireless router. A remote user can view files on the target device.

The device does not properly restrict access to the configuration files. A remote user can supply a specially crafted request to view router configuration files and other files on target system.

A demonstration exploit URL is provided:


The B-FOCuS Wireless 802.11b/g ADSL2+ Router is affected.

Impact:   A remote user can view the configuration files.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error

Message History:   None.

 Source Message Contents

Subject:  Directory listing on B-FOCuS Wireless 802.11b/g ADSL2+ Router by

Issue: B-FOCuS Wireless 802.11b/g ADSL2+ Router by "ECI Telecom LTD"
Discovered Date: 02/10/2006
Author: Tal Argoni, LegendaryZion. [talargoni at]
Product Vendor:


B-FOCuS Wireless Router is prone to a directory listing Vulnerability.
The vulnerability exists in Web-Based Management , caused by the lack of poor configuration.

Exploitation URL:


Successful exploitation allow viewing the router files and configuration files.

Proof Of Concept:


Tal Argoni, CEH

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC