_ _ _____ _ ___ _____ _ _
/ / / / ____/ / / _/_ __/ / / /
/ /_/ / __/ / / / / / / / /_/ /
/ __ / /___/ /____/ / / / / __ /
/_/ /_/_____/_____/___/ /_/ /_/ /_/
Helith - 0815
--------------------------------------------------------------------------------
Author : Benkei
Date : 2008-02-08
Vendor : Siemens
Affected product : Gigaset SE461 WiMAX router
Firmware version : 1.5-BL024.9.6401
Propably other firmware versions are affected as well
Type : Denial of Service
OSVDB : 1055274
Milw0rm : 8260
CVE : 2009-1152
ISS X-Force: : 49365
BID : 34220
Secunia : 34386
After establishing a tcp connection to the affected device on port 53 from the
LAN interface and after closing the connection the router will restart.
Sometimes when using the web trigger with Internet explorer the WAN
configuration (ip, gateway ip, dns servers) for the device was lost and a
hardware reset was needed in order to make the device usable again.
This issue can be triggered from the LAN interface by direct connection or
by using specially crafted web content. For the web content to be able to
trigger the issue a browser withouth security restrictions on connection to
port 53 must be used, the tests done shows Internet Explorer like the only
one cappable of activating the bug.
Test made worked with Internet explorer version 7.0.6001.18000, it
didnt worked with Opera version 9.63 build 10476, Mozilla Firefox
version 3.0.1. nor Chrome 1.0.154.48. The html tags , an