SMC Routers remote administration without authentication 1.2
 
Plugin ID186
Plugin nameSMC Routers remote administration without authentication
Plugin filenameSMC Routers remote administration without authentication.plugin
Plugin filesize2552 bytes
Plugin familyNetwork Devices
Plugin created nameNico 'Triplex' Spicher
Plugin created emailTriplex at IT-Helpnet dot de
Plugin created webhttp://triplex.it-helpnet.de
Plugin created companyhttp://www.it-helpnet.de
Plugin created date2004/09/07
Plugin updated nameMarc Ruef
Plugin updated emailmarc dot ruef at computec dot ch
Plugin updated webhttp://www.computec.ch
Plugin updated companycomputec.ch
Plugin updated date2004/11/13
Plugin version1.2
Plugin changelogMade some slight modifications in version 1.1. Corrected the plugin structure and added the accuracy values in 1.2
Plugin protocoltcp
Plugin port1900
Plugin procedure detectionopen|send GET / HTTP/1.0\n\n|sleep|close|pattern_exists 200
Plugin detection accuracy10
Plugin commentThis plugin was written with the ATK Attack Editor.
Bug published nameuser86
Bug published emailuser86 at earthlink dot net
Bug affectedSMC Routers 7008ABR, 7004VBR and other models
Bug not affectedOther routers
Bug vulnerability classMissing authentication
Bug descriptionSMC broadband routers ship with remote administration (completely passwordless) enabled by default on their port 1900 on the WAN side of the router.
Bug solutionEnable FW & forward port 1900 of the router to a non-existent internal IP address.
Bug fixing timeAprox. 20 Minutes
Bug exploit availabilityYes
Bug remoteYes
Bug localNo
Bug severityHigh
Bug popularity4
Bug simplicity8
Bug impact9
Bug risk6
Source LiteratureHacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X
Source Misc.http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.