Bitch Board

[WPS PIN brute force vulnerability]

FYI...

WPS PIN brute force vulnerability
- http://www.kb.cert.org/vuls/id/723755#vendors
Last revised: 10 May 2012
Overview: The WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on many wireless routers makes this brute force attack that much more feasible...
Impact: An attacker within range of the wireless access point may be able to brute force the WPS PIN and retrieve the password for the wireless network, change the configuration of the access point, or cause a denial of service...
Please consider the following workarounds:
> Disable WPS
Within the wireless router's configuration menu, disable the external registrar feature of WiFi Protected Setup (WPS). Depending on the vendor, this may be labeled as external registrar, router PIN, or WiFi Protected Setup...
References:
- http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/
- http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
- http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/WCN-Netspec.doc
- http://www.wi-fi.org/wifi-protected-setup/
- https://docs.google.com/spreadsheet/lv?key=0Ags-JmeLMFP2dFp2dkhJZGIxTTFkdFpEUDNSSHZEN3c
- http://en-us-support.belkin.com/app/answers/detail/a_id/75/~/disabling-wps-on-the-router

 

[DSL modem hack used to infect millions - banking fraud malware]

FYI...

DSL modem hack used to infect millions - banking fraud malware
- http://arstechnica.com/security/2012/10/dsl-modem-hack-infects-millions-with-malware/
Oct 1, 2012 - "Millions of Internet users in Brazil have fallen victim to a sustained attack that exploited vulnerabilities in DSL modems, forcing people visiting sites such as Google or Facebook to reach imposter sites that installed malicious software and stole online banking credentials... The attack... infected more than 4.5 million DSL modems, said Kaspersky Lab Expert Fabio Assolini, citing statistics provided by Brazil's Computer Emergency Response Team. The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log into and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to booby-trapped imposter sites. "This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems," Assolini wrote... "This enabled the attack to reach network devices belonging to millions of individual and business users, spreading malware and engineering malicious redirects over the course of several months"... The vulnerability is even more alarming since the list of affected manufacturers and models is still unknown. Users who want to protect themselves should make sure their modems are using the latest available firmware, although based on what we know now, there's no guarantee the latest release has been patched against the exploited CSRF flaw."

 

[Linksys WRT54GL firmware vuln]

FYI...

Linksys WRT54GL firmware vuln
- https://secunia.com/advisories/51809/
Release Date: 2013-01-21
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Operating System: Linksys WRT54GL 4.x
Solution: Update to firmware version 4.30.16.
Original Advisory: Linksys:
http://homedownloads.cisco.com/downloads/797/518/WRT54GL_v4.30.16_FwReleaseNotes,0.txt

 

[D-Link DIR-300 / 600 routers vuln]

FYI...

D-Link DIR-300 / 600 routers vuln
- https://threatpost.com/en_us/blogs/researcher-warns-d-link-router-vulnerabilities-020713
Feb 7, 2013 - "... vulnerabilities in D-Link’s DIR-300 and DIR-600 routers could allow an attacker to inject arbitrary shell commands and ultimately compromise the device... Messner first discovered the vulnerabilities at the tail end of 2012 and forwarded them to D-Link who insisted the issue was relegated to browsers and that the company would not publish a fix. Messner elected to provide more information to D-Link more than a week and a half ago, on January 25. Having still not heard back yet, Messner saw fit to publicly releasing the attack details earlier this week. A post by The H-Security* claims that all current D-Link firmware versions (Version 2.13, released November 7, 2012 and Version 2.14b01, released January 22, 2013) are affected by the flaw and suggests – at least until D-Link issues a fix – to “decommission the affected browsers.” D-Link did not respond to e-mail requests for comment..."

* http://h-online.com/-1798804
6 Feb 2013

- http://atlas.arbor.net/briefs/index#-1154464955
Feb 07, 2013
Analysis: "Many home offices and small offices use broadband connections with devices like the D-Link routers. Such environments don't often have security savvy people on staff, and the compromise of such devices can lead to all sorts of issues such as attackers planting malicious DNS servers in the device configuration that affect every system on the LAN using DHCP to receive DNS settings. In addition, an attacker could use such a vulnerability to penetrate deeper into an enterprise network by compromising a machine on the LAN and backdooring it."

- http://h-online.com/-1800471
8 Feb 2013

- https://secunia.com/advisories/52080/
Release Date: 2013-02-08
Criticality level: Moderately critical
Impact: Exposure of system information, System access
Where: From local network
... weakness, security issues, and vulnerability are reported in the following products:
* D-Link DIR-300 version 2.12 and 2.13.
* D-Link DIR-600 version 2.12b02, 2.13b01, and 2.14b01.
Solution: No official solution is currently available.

   

[D-Link DIR-645 - Firmware v1.03 update-fix]

FYI...

D-Link DIR-645 - Firmware v1.03 update-fix
- https://secunia.com/advisories/52432/
Release Date: 2013-03-01
... security issue is reported in version to 1.02. Other versions may also be affected.
Solution: Reportedly fixed in version 1.03.
Original Advisory: http://archives.neohapsis.com/archives/bugtraq/2013-02/0151.html
"... D-Link has released an updated firmware version (1.03) that addresses this issue..."

> http://www.dlink.com/us/en/support/product/dir-645-wireless-n-home-router-1000
Latest Firmware - Version v1.03

 

[Actiontec router MI424WR-GEN3I CSRF vuln]

FYI...

Actiontec router MI424WR-GEN3I CSRF vuln ...
- http://www.kb.cert.org/vuls/id/278204
18 Mar 2013 - "Overview: The Verizon FIOS Actiontec router model MI424WR-GEN3I is susceptible to cross-site request forgery attacks.
Solution: We are currently unaware of a practical solution to this problem. Please consider the following workarounds.
Restrict Access: Verify the router's web interface is not Internet accessible. As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent CSRF attacks since the attack comes as an HTTP request from a legitimate user's host. Restricting access would prevent an attacker from accessing the router web interface using stolen credentials from a blocked network location.
Do Not Stay Logged Into the Router's Management Interface: Always log out of the router's management interface when done using it..."
> http://www.kb.cert.org/vuls/id/BLUU-94HPZA

>> http://www.actiontec.com/products/product.php?pid=189

  

[Linksys EA2700 firmware - update]

FYI...

Linksys EA2700 firmware - update
- http://arstechnica.com/security/2013/04/using-a-linksys-wi-fi-router-it-could-be-ripe-for-remote-takeover/
Apr 9, 2013 - "... The most severe of the vulnerabilities in the "classic firmware" for the Linksys EA2700 Network Manager is a cross-site request forgery weakness in the browser-based administration panel... A statement issued by officials from Belkin, which recently acquired the Linksys brand, said the vulnerabilities documented by Purviance had been fixed in the Linksys Smart Wi-Fi Firmware that was released in June... link for the Linksys Smart Wi-Fi Firmware:
- http://support.linksys.com/en-us/support/routers/EA2700
EA Series Linksys Smart Wi-Fi Firmware
11/19/2012
Ver.1.1.39.145204
- http://downloads.linksys.com/downloads/977/542/EA2700_Firmware_Release_Note_11192012.txt