Re: Linksys WRT54G Denial of Service Vulnerability

[Eerik.Kiskonen@xxxxxxxxxxxxx]

Buffalo WBR-G54 (Firmware 1.30) is not vulnerable. It answers with "bad 
request" and the http server continues working without problems.

---- clip ---
[stnz@starship stnz]# nc 192.168.11.1 80
GET
HTTP/1.0 400 Bad Request
Server: micro_httpd
Date: Tue, 01 Jan 2002 06:04:15 GMT
Content-Type: text/html
Connection: close

<HTML><HEAD><TITLE></TITLE><meta http-equiv="Pragma" 
content="no-cache"></HEAD>
<BODY BGCOLOR="#FFFFFF">
Can't parse request.
---- clip ---

-
Ystävällisin terveisin/Best Regards
Turun Tietokeskus Oy/Eerik Kiskonen
Tekninen asiantuntija/Technical specialist
Satakunnantie 110, 20320 TURKU, Finland
Direct.    +358-2-273 4244
Fax.        +358-2-273 4220
E-mail:  eerik.kiskonen@xxxxxxxxxxxxx
Web.     http://www.turuntietokeskus.fi






Michael Renzmann <security@xxxxxxxxxx>
04.12.2003 06:33

 
        To:     test@xxxxxxxxxxxxxxx
        cc:     bugtraq@xxxxxxxxxxxxxxxxx
        Subject:        Re: Linksys WRT54G Denial of Service Vulnerability


Hi all.

test@xxxxxxxxxxxxxxx wrote:
 > Linksys WRT54G Denial of Service Vulnerability

There are some devices out there that are technically identical to the 
WRT54G (for example the Buffalo WBR-G54). Can anyone confirm whether 
they share this issue?

Bye, Mike