Forum Vodafone

Boas.

Por curiosidade fiz um NMAP ao meu Router Vodafone Smart Router 3.0 e fiquei surpreendido com a possível existência de vulnerabilidades no equipamento. Passo a explicar;

O Router tem o IP 192.168.1.1, estou ligado a um LINUX (artemis) e efetuei um NMAP --script vuln 192.168.1.1 e obtive pelo menos uma vulnerabilidade: | VULNERABLE: | Slowloris DOS attack - | IDs: CVE:CVE-2007-6750 a qual poderá ser vista aqui https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

lmsilva@artemis:~$ sudo nmap --script vuln 192.168.1.1
Starting Nmap 7.93 ( https://nmap.org ) at 2024-02-15 23:28 WET
Nmap scan report for 192.168.1.1
Host is up (0.00078s latency).
Not shown: 845 closed tcp ports (reset), 151 filtered tcp ports (no-response)
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-vuln-cve2013-7091: ERROR: Script execution failed (use -d to debug)
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-passwd: ERROR: Script execution failed (use -d to debug)
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.1.1
| Found the following possible CSRF vulnerabilities:
|
| Path: http://192.168.1.1:80/scripts.4805164455d5853d9dbf.js
| Form id:
|_ Form action: '+t.opt.XMO_REMOTE_HOST+'/cgi/upload
|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
| http-vuln-cve2010-0738:
|_ /jmx-console/: Authentication was not required
443/tcp open https
|_http-vuln-cve2013-7091: ERROR: Script execution failed (use -d to debug)
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-vuln-cve2010-0738:
|_ /jmx-console/: Authentication was not required
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.1.1
| Found the following possible CSRF vulnerabilities:
|
| Path: https://192.168.1.1:443/scripts.4805164455d5853d9dbf.js
| Form id:
|_ Form action: '+t.opt.XMO_REMOTE_HOST+'/cgi/upload
|_http-passwd: ERROR: Script execution failed (use -d to debug)
49152/tcp open unknown
MAC Address: 6C:FF:CE:EF:0A:C7 (Sagemcom Broadband SAS)

Nmap done: 1 IP address (1 host up) scanned in 88.20 seconds

O Router está configurado para ser usado o modo de HTTPS para gestão (embora não consiga desligar o HTTP) e apenas gerido pela LAN. Sei igualmente que esta gestão "é" apenas vista do lado da LAN, mas fico preocupado pois não deixa de ser um equipamento que está na Internet (mesmo monitorizado pelo vosso SOC,NOC,...)

Pensando que este equipamento poderá estar em dezenas, centenas e até milhares de lares convinha que a VODAFONE pronunciar-se sobre este tema de modo a que, pelo menos este cliente, fique mais descansado com o Internet na sua casa.

Se necessitarem de mais detalhes contactem-me por favor. Obrigado

Melhore cumprimentos.