Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Network Appliances :: netopia3.htm

Netopia ISDN Router - system logs can be read from telnet without logon!



Vulnerability

    Netopia

Affected

    Netopia ISDN Router

Description

    This vulnerability was discoverd by Bok.  Further investigation by
    Andrew  Wellington  (aka  proton).   The  system logs (both device
    history  and  WAN  history)  can  be  read  from the telnet prompt
    without logging into the system.

    The logs of the router can be viewed from the telnet login  screen
    by pressing a  certain key combination.   To access the  WAN event
    log type Ctrl-F at the login screen and to access the device event
    log type Ctrl-E at the login screen.

    Access to  these logs  may allow  access to  sensitive information
    such as usernames or passwords to an arbitary internet user.

Solution

    This problem has been a known issue for some time and was resolved
    in Netopia firmware version 4.3.5.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH