Eicon Diehl LAN ISDN Modem - crash with overlength password
Vulnerability

    Modem

Affected

    Eicon Diehl LAN ISDN Modem

Description

    Bjorn Stickler found the following.  He recently found a security
    bug in the Diva LAN ISDN modem that shuts down the modem (fault LED
    on).  All you have to do is type the following location in your
    browser:

        http://diva/login.htm?password=0123456789012345678901234567890123456789

    where diva is the name or the IP address of your modem.  After
    that, the modem is locked until you do a hard reset.

Solution

    1. In the default configuration this attack can only be performed
       from the local network, and *not* from the Internet.
    2. Eicon has released new firmware which fixes this issue
       completely.  New versions of the Diva LAN modem are already
       shipped with the new firmware, and current users can download
       the new firmware from Eicon's web site.
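
    Until the firmware is updated, requests of the kind described above
    can be spotted in web proxy or access logs.  The following is an
    added example, not part of the original advisory; the 16-character
    limit, the Common Log Format input and the sample log lines are
    assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the longest password the login form legitimately accepts.
# The advisory does not state the real limit; tune this for your device.
MAX_PASSWORD_LEN = 16

# Common Log Format prefix: client, ident, user, [timestamp], "METHOD target ..."
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+)[^"]*"')

def overlength_logins(lines, limit=MAX_PASSWORD_LEN):
    """Return (client, timestamp, length) for each login.htm request whose
    password parameter is longer than `limit` characters."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, stamp, target = m.groups()
        url = urlsplit(target)  # handles absolute (proxy) and relative targets
        if not url.path.lower().endswith("/login.htm"):
            continue
        # parse_qs percent-decodes values and keeps repeated parameters,
        # so the length checked is the decoded length the device would see.
        params = parse_qs(url.query, keep_blank_values=True)
        longest = max((len(v) for v in params.get("password", [])), default=0)
        if longest > limit:
            hits.append((client, stamp, longest))
    return hits

# Constructed sample proxy log lines (not captured traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET http://diva/login.htm?password=secret HTTP/1.0" 200 512',
    '192.0.2.23 - - [01/Jan/2000:10:05:12 +0000] "GET http://diva/login.htm?password=0123456789012345678901234567890123456789 HTTP/1.0" 504 0',
    '192.0.2.23 - - [01/Jan/2000:10:06:00 +0000] "GET http://diva/index.htm HTTP/1.0" 504 0',
    '192.0.2.31 - - [01/Jan/2000:10:07:40 +0000] "GET /login.htm?password=%41%41%41%41 HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for client, stamp, length in overlength_logins(SAMPLE_LOG):
        print(f"{stamp} {client} sent a {length}-character password to login.htm")
```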
