Author Topic: "ZSL-2014-5208"? What's going on?  (Read 17760 times)

0 Members and 1 Guest are viewing this topic.

Offline lukor

  • Avast team
  • Super Poster
  • *
  • Posts: 1885
    • AVAST Software
Re: "ZSL-2014-5208"? What's going on?
« Reply #15 on: April 05, 2016, 02:32:01 AM »
Hi guys,

just a little explanation, this vulnerability ZLS-2014-5208 is really reported for Netgear routers (see more info e.g. here: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5208.php), but when Avast Home Network Security is testing for the vulnerability, it does not limit itself to Netgear only.

In this specific case, the vulnerability shows that with a specially crafted URL request, the attacker is able to read files from the router, without being authenticated (without knowing the router's password). This is a real security risk. In Home Network Security Scan we are doing exactly that, we send a HTTP query and read the response - matching the response body against some keywords to find out if the router is vulnerable or not.

Without the logs we can hardly say if Bell Home Hub modem also response to these URLs with a valid unauthenticated file contents and is also vulnerable, similarly to Netgear. It is possible, or it might return a "Access denied" page that confuses us - making it a false positive.

We will be more that greatful for anyone with Bell Home Hub modem to send us the scan logs to improve the checks!
Thanks!

Lukas.