Gigafast/CompUSA router (model EE400-R) vulnerabilities
This router is/was widely sold in CompUSA stores. It is a Gigafast router,
re-branded as a CompUSA router.
All firmware versions are affected.
When reported to the manufacturer on 5/13/04, I had received a response
stating that the information would be passed on to firmware developer.
Almost a year has passed and no fix is currently available.
Bug #1
The router has a login page; however, this may easily be bypassed. If one
was to make a request to http://ROUTER/backup.cfg, it would contain some of
the routers preferences, including the administrator password in plain-text.
Anyone may access this file on the LAN by default. If remote administration
is enabled, any individual on the internet would be able to download this
configuration file and see the administrator password.
Bug #2
If the DNS proxy option is turned on, it is possible to interrupt
connectivity by sending malformed DNS queries. Once the router receives the
malformed DNS queries, it will not work until a cold boot has been
performed. This bug can only be produced within the LAN.
-----------------------------------------------------
Gary H. Jones II
PointBlankSecurity.com
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.1 (MingW32) - WinPT 0.7.96rc1
mIsEQfFmagEEANqJwfxGkm69Mb8bEalnXw5W4FrwEsa6CZHBRfSWV2LaJ2kT3pVh
ed4E8Ge9VV/vjCSbEcNrwwrrWklCBzlm9+MUeSOjIWtmScxhC1gNZuieEdH1G2VK
f+30cypHn7nVKdd6NfxbceQUyDJ1/6xltHoDtQKYA0Y8Mev3kt78rqo/AAYptC1H
YXJ5IEggSm9uZXMgSUkgPGdhcnlAcG9pbnRibGFua3NlY3VyaXR5LmNvbT6IsgQT
AQIAHAUCQfFmagIbAwQLBwMCAxUCAwMWAgECHgECF4AACgkQ+snYOPAe5vYwrgQA
npV1QcELTeISYnD2/fX6b9tNaRet5RGPcZ7hAYiVRpCpDHzriJOGuOnTbLfX0vW3
EDs7YMtLZQmn/gAvK7wH5/EKrkVt3BrZUFaglPIH0Dk3Otsx4AGIfrFJlD2hOcO8
/QGgYEix8plsKtz3kAu8MvO0o2axV7GnuMyPHvJJap0=
=SZ3h
-----END PGP PUBLIC KEY BLOCK-----