Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass
From: jn@xxxxxx
Date: 21 Jan 2007 13:25:35 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

I maintain an alternative firmware for the Speedport series and can confirm the 
flaw in the following firmwares:
Speedport W500V Firmware T-Com 1.30
Speedport  500V Firmware T-Com 1.31

Speedport W500V Firmware mod500
Speedport  500V Firmware mod500
Targa WR500 VoIP Firmware mod500

I'm 99% certain that the original firmware for the Targa is also concerned.

CORRECTION
White the description of the security flaw is correct, please notice:
Installing a new firmware does NOT change the system password!

Prev by Date: FishCart [injection sql]
Next by Date: [SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution
Previous by thread: Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass
Next by thread: Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass
Index(es):
- Date
- Thread