MicroSolved finds hole in Ascom Timeplex Router Security

Brent Huston (bhuston@NETWALK.COM)
Thu, 15 May 1997 16:39:33 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: John Goerzen: "Vulnerability in Elm-ME+"
Previous message: Aaron Spangler: "NT4.0 SP3 Still vulnerable"

An error in Timeplex Routers allows a user to gain unauthorized access to the device through a special 'debug' mode. This mode allows manipulation of the router at the register level, as well as being able to reset the router or deny service. The 'debug' mode can be entered without logging into the router, by sending a number of cntrl-d sequences to the device. The router will then display it's ip address and other information and drop to a debug prompt.

This information could be used to gain further access to a network, or to change the router setup, or deny service. For further information, please contact Ascom.

MicroSolved is an independant security consulting firm located in Columbus, Ohio. We specialize in security auditing, intrusion detection, and dial-up security. For further information, please contact us via email at bhuston@netwalk.com

Next message: John Goerzen: "Vulnerability in Elm-ME+"
Previous message: Aaron Spangler: "NT4.0 SP3 Still vulnerable"