ISE SOHO Vulnerability Catalog Published - Independent Security ...
ISE SOHO Vulnerability Catalog Published - Independent Security ...
ISE SOHO Vulnerability Catalog Published - Independent Security ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Attack Requirements<br />
♦ The attacker must have the ability to access the DLNA server.<br />
♦ Authentication is not required for exploitation.<br />
Details<br />
♦ Other firmware versions may be vulnerable.<br />
Impact<br />
If an unauthenticated remote attacker has access to the routers DLNA server, the attacker<br />
can crash the server causing a Denial of Service. The DLNA server will remain unusable<br />
until the router is rebooted.<br />
Recommendations to the Vendor<br />
♦ Implement code logic to handle requests for resources that do not exist.<br />
♦ Additional information for vendors regarding immediate and long term fixes for<br />
these issues can be found here: http://www.securityevaluators.com/content/casestudies/routers/#recommendationsVendors<br />
Solution<br />
♦ There currently is not a solution to this problem.<br />
Proof of Concept Exploit<br />
Make the following web request (Where INT is an arbitrary integer of an non-existent<br />
resource) to the DLNA media server.<br />
♦ http://X.X.X.X:port/MediaItems/INT.mp3 <br />
Disclosure Timeline<br />
♦ 2/25/2013 - Notified Netgear<br />
♦ 4/15/2013 - Public Disclosure<br />
References<br />
♦ Advisory/Video: http://infosec42.blogspot.com<br />
♦ http://securityevaluators.com/content/case-studies/<br />
Credit<br />
♦ Discovered By: Jacob Thompson – <strong>Security</strong> Analyst @ <strong>Independent</strong> <strong>Security</strong><br />
Evaluators<br />
♦ Exploited By: Jacob Thompson – <strong>Security</strong> Analyst @ <strong>Independent</strong> <strong>Security</strong><br />
Evaluators<br />
<br />
37