AOH :: HP Unsorted P :: VA3288.HTM

Precidia Ether232 Memory Corruption
DDIVRT-2009-24 Precidia Ether232 Memory Corruption
DDIVRT-2009-24 Precidia Ether232 Memory Corruption

DDIVRT-2009-24 Precidia Ether232 Memory Corruption


Date Discovered
March 10th, 2009

Discovered By
Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James and princeofnigeria and r@b13$

Vulnerability Description
Certain Precidia Ether232 devices contain memory overwrite and authentication flaws.

By making malformed GET requests to the built-in web server on certain Precidia Ether232 devices, it is possible to arbitrarily overwrite memory on the device and cause unknown impact.

Solution Description
At this point in time, Precidia Technologies has not provided a firmware upgrade addressing the memory corruption flaw. As a workaround, Precidia Technologies suggests that users disable the web server on the device through the serial or telnet configuration interface.

Tested Systems / Software (with versions)
Precidia Ether3201-232 w/ firmware 3.00.250
Precidia Ether232 Duo w/ firmware 5.00.02
Other versions are believed to be vulnerable.

Vendor Contact
Vendor Name: Precidia Technologies
Vendor Website: 
Contact Information:, 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to