Vulnerability: RomPager

Affected: Allegro-Software-RomPager/2.10

Description:

"netsec [davidv]" found the following. Allegro-Software-RomPager is an HTTP server used in network hardware such as switches to provide a web interface for configuring the hardware remotely. Recently the author of the advisory was bashing up a D-Link DES-3224+ Ethernet switch, and after submitting a number of invalid authentication requests to the Allegro-Software-RomPager installed on it, he managed to freeze the whole switch, taking the entire network down. It seems that sending an incorrect request to the switch causes the HTTP server to crash, which then crashes the switch itself. This was tested only on a D-Link DES-3224+; however, other companies also use the Allegro software in their devices. Companies which use it (as listed on the Allegro website):

3Com
Acacia Networks
AccessLan Communications
Agilent Corporation
American Power Conversion
Andover Controls Corporation
Casio
Cisco Systems
D-Link Systems, Inc.
eNote Corporation
Netopia Communications
Xerox

... and other companies at http://www.allegrosoft.com/innovators.html

This is rather serious: if all of this hardware can be crashed by a single invalid request, a typical blackhat can crash a whole company's infrastructure in a couple of minutes. APC (American Power Supplies) also uses it; if anyone has an APC UPS with RomPager, try to test it out.

Solution: Nothing yet.
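Since no fix exists, the practical defender's step is to find which managed devices run the affected RomPager release. The following is an added example, not code from the advisory or from Allegro: it parses the Server header out of raw HTTP responses captured from devices you administer and flags the build named above (2.10). It assumes RomPager identifies itself in the Server header with the product string quoted in the advisory; the sample responses are constructed.

```python
"""Classify HTTP Server banners from network-device management interfaces.

Added example, not from the advisory. Assumption: RomPager reports itself
as "Allegro-Software-RomPager/<major>.<minor>" in the Server header.
"""
import re
from typing import Optional

AFFECTED_VERSION = (2, 10)  # the release named in the advisory
BANNER_RE = re.compile(r"^Allegro-Software-RomPager/(\d+)\.(\d+)", re.IGNORECASE)


def server_header(raw_response: bytes) -> Optional[str]:
    """Return the value of the Server header from a raw HTTP response, or None."""
    head, _, _ = raw_response.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"server":
            return value.strip().decode("ascii", "replace")
    return None


def classify(raw_response: bytes) -> dict:
    """Report product, version and whether the banner matches the affected RomPager build."""
    banner = server_header(raw_response)
    result = {"banner": banner, "rompager": False, "version": None, "affected": False}
    if banner is None:
        return result
    m = BANNER_RE.match(banner)
    if m:
        result["rompager"] = True
        result["version"] = (int(m.group(1)), int(m.group(2)))
        # Only the exact release the advisory names is flagged; other builds are unknown.
        result["affected"] = result["version"] == AFFECTED_VERSION
    return result


# Constructed sample responses (not real captures).
SAMPLES = {
    "switch-a": b"HTTP/1.0 401 Unauthorized\r\nServer: Allegro-Software-RomPager/2.10\r\n"
                b"WWW-Authenticate: Basic realm=\"switch\"\r\n\r\n",
    "switch-b": b"HTTP/1.0 200 OK\r\nserver: Allegro-Software-RomPager/4.07\r\n"
                b"Content-Type: text/html\r\n\r\n<html></html>",
    "printer-c": b"HTTP/1.1 200 OK\r\nServer: Apache/1.3.12\r\n\r\n",
    "ups-d": b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n",
}


def affected_hosts(samples: dict) -> list:
    """Names of hosts whose banner matches the affected RomPager release."""
    return sorted(name for name, raw in samples.items() if classify(raw)["affected"])


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
    print("affected:", affected_hosts(SAMPLES))
```

Devices that send no Server header (like "ups-d" above) are reported as unknown rather than safe, so they still need to be checked by other means.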