Aztech router DSL600EU IP and ARP spoof

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Aztech router DSL600EU IP and ARP spoof
From: acheddamiman@xxxxxxxxx
Date: 30 Aug 2007 23:10:01 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

The Aztech DSL600EU is vulnerable to IP|ARP spoof.

Example:

Webinterface disabled in WAN to LAN or EXT to IN zone but the port 80 is not 
blocked, one malicious client can be send one SYN inundation and calculate the 
sequence number (IP spoof) and conect to the web interface.

By AchedDamiman

Prev by Date: Re: Sony: The Return Of The Rootkit
Next by Date: Re: Sony: The Return Of The Rootkit
Previous by thread: Team SHATTER Advisory: IBM DB2 Buffer overflow in sysproc.auth_list_groups_for_authid
Next by thread: Olate Download 3.4.2 ~ userupload.php ~ Upload Executable Files
Index(es):
- Date
- Thread