ISE SOHO Vulnerability Catalog Published - Independent Security ...
ISE SOHO Vulnerability Catalog Published - Independent Security ...
ISE SOHO Vulnerability Catalog Published - Independent Security ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Vulnerability</strong>: Multiple Buffer Overflow <br />
CVE: CVE-2013-3100<br />
CVE: CVE-2013-4659<br />
Description<br />
The TRENDnet TEW-812DRU router contains several software packages that are<br />
susceptible to multiple Buffer Overflow attacks, and when triggered, can result in Denial<br />
of Service or Remote Code Execution.<br />
Vulnerable Software: KC_FTP, KC_SMB, RC Network Utility, and Broadcom ACSD.<br />
Attack Requirements<br />
♦ The attacker needs access to FTP, SMB, ACSD or HTTP network services in<br />
order to launch the overflow attacks.<br />
♦ Authentication is required to exploit the overflow present in the RC network<br />
configuration binary accessible by the HTTP network service.<br />
Details<br />
♦ Other firmware versions were not tested and could be vulnerable.<br />
♦ Vulnerable Commands (Not all commands were tested)<br />
♦ KC_FTP: USER<br />
♦ ACSD: autochannel¶m, autochannel&data, csscan&ifname<br />
♦ RC: wan_pptp_username, wan_pptp_password (From web application)<br />
♦ KC_SMB: SMB Negotiation Request<br />
Impact<br />
♦ These vulnerabilities can lead to a denial-of-service or a total compromise of the<br />
affected router.<br />
Recommendations to the Vendor<br />
♦ Perform bounds checking on user input that is copied into fixed length buffers.<br />
♦ Avoid using functions such as strcpy() or sprintf() that don't perform bounds<br />
checking.<br />
♦ Additional information for vendors regarding immediate and long term fixes for<br />
these issues can be found here: http://www.securityevaluators.com/content/casestudies/routers/#recommendationsVendors<br />
Solution<br />
♦ There currently is not a solution to this problem.<br />
♦ Restrict access to WAN services to prevent an attacker from gaining access if an<br />
<br />
15