<<< Date Index >>>     <<< Thread Index >>>

Conexant Access Runner DSL Console login bypass vulnerability




A vulnerability has been discovered in the Conexant Access Runner DSL Console 
Port 3.21. This vulnerability will let a remote attacker bypass the login 
screen and have full admin rights even if admin password is set. The login 
bypass works in the following way:

When at login screen you may press any key to get the invalid password, please 
try again message. At this point all an attacker has to do is tap the [ENTER] 
key to gain access to the main menu of the system with admin rights. 

This has been found to work on all 3.21 versions. At this time I am not aware 
of a fix as I could not get in contact with Conexant about this issue.