SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Device (Router/Bridge/Hub)  >  U.S. Robotics Broadband Router Vendors:  U.S. Robotics
US Robotics Broadband Router Discloses Administrative Password to Remote Users
SecurityTracker Alert ID:  1010433
SecurityTracker URL:  http://securitytracker.com/id?1010433
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 8 2004
Impact:  Disclosure of authentication information, User access via network
Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): USR8003; firmware v1.04 08
Description:  A vulnerability was reported in the US Robotics Broadband Router 8003. The router discloses passwords in clear text via the HTML interface.

Fernando Sanchez reported that the device uses a non-secure HTML interface and provides the administrative password in the HTML login form.

The vendor has reportedly been notified.
Impact:  A remote user can determine the administrative password.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.usr.com/products/networking/router-product.asp?sku=USR8003 (Links to External Site)
Cause:  Access control error
Reported By:  Fernando Sanchez <fer@ceu.fi.udc.es>
Message History:   None.

 Source Message Contents
Date:  Tue, 8 Jun 2004 13:41:11 +0200 (CEST)
From:  Fernando Sanchez <fer@ceu.fi.udc.es>
Subject:  U.S. Robotics Broadband Router 8003 admin password visible

 

Hello.
        US Robotics Broadband Router 8003 is a small home/SOHO router which
is configured using a HTML interface. This interface, as usual, asks for a
password in order to let you view or change configuration parameters. But
the password is checked first by a javascript function that just compares
two strings:

function submitF(F)
 
        var     loginflag,loginIP;
        var pwd;

        loginflag = 0;
        loginIP = "0.0.0.0";

        pwd = "thisistheadminpassword" ;

        if (loginflag == 1)
        {
                alert("Someone ( " + loginIP + " ) has logged in
as an administrator !");
                F.submit();
        }

        if ( F.PSW.value != pwd )
        {
                alert("Incorrect password!");
                F.submit();
        }
        F.submit();
 

And yes, pwd = "thisistheadminpassword" is actually showing the
administrator password. So anyone who can access the HTML administration
interface will be able to login and view or modify the device configuration.

This is true at least with firmware v1.04 08. The router firmware can be
upgraded but U.S. Robotics has not released any revision for the
8003 model yet.

I have contacted them and they have told me that the problem is not too
serious and that it can be solved by limiting the access to the router
interface to trusted people only. No mention to a firmware upgrade or
any other temporal workaround was made.

Kind regards,

Fernando Sanchez


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC