Published: 2004-12-31 00:00:00
Revised: 2017-07-10 21:31:08

[Original] Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on.

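[CNNVD] Motorola WR850G Wireless Router Remote Authentication Bypass Vulnerability (CNNVD-200412-222)

        The Motorola WR850G is a wireless router.
        A design error in the Motorola WR850G wireless router allows a remote attacker to bypass administrative authentication.
        By periodically requesting the restricted 'ver.asp' script, an attacker gains access to the web interface and can obtain the web interface username and password. With that password, accessing frame_debug.asp yields a web shell that executes arbitrary commands on the system.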

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

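- CPE (Affected Platforms and Products)


- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources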
(VENDOR_ADVISORY)  FULLDISC  20040923 Motorola Wireless Router WR850G Authentication Circumvention
(UNKNOWN)  BUGTRAQ  20040924 Motorola Wireless Router WR850G Authentication Circumvention
(PATCH)  BID  11241
(UNKNOWN)  XF  motorola-wr850g-gain-access(17474)

- Vulnerability Information

Motorola WR850G Wireless Router Remote Authentication Bypass Vulnerability
High risk  Design error
2004-12-31 00:00:00 2005-10-20 00:00:00

- Advisories and Patches


- Vulnerability Information

Motorola WR850G Wireless Router Authentication Bypass
Remote / Network Access, Wireless Vector Authentication Management
Loss of Integrity Upgrade
Exploit Public

- Vulnerability Description

WR850G wireless router contains a flaw that may allow a remote attacker to log in with administrator access. The issue is triggered when the attacker repeatedly accesses the ver.asp file until a valid administrator logs in from a different IP, at which time the attacker gains administrator access to the device.

- Timeline

2004-09-23 Unknown
2004-09-23 Unknown

- Solution

Upgrade to version 5.13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Credit

Unknown or Incomplete

- Vulnerability Information

Motorola WR850G Wireless Router Remote Authentication Bypass Vulnerability
Design Error 11241
Yes No
2004-09-23 12:00:00 2009-07-12 07:06:00
Discovery is credited to Daniel Fabian.

- Affected Software Versions

Motorola WR850G 4.03 firmware
Motorola WR850G 5.13 firmware

- Unaffected Software Versions

Motorola WR850G 5.13 firmware

- Discussion

Motorola WR850G wireless router is reported prone to a remote authentication bypass vulnerability. This issue is caused by a design error and may allow an attacker to ultimately take complete control over the device.

A remote attacker can gain access to the Web interface of the affected device by periodically attempting to access restricted pages such as the 'ver.asp' script.

Motorola wireless router WR850G running firmware version 4.03 is reportedly affected by this issue. It is possible that other models and firmware versions are affected as well.

- Exploit

An exploit is not required to leverage this issue.

- Solution

The vendor has released firmware 5.13 to address this issue.

Motorola WR850G 4.03 firmware

- Related References