From: Axel Hammer <alpha01@grafx-design.de>
To: BUGTRAQ@securityfocus.com, ts1@alliedtelesyn.com
Subject: Cable-Router AR220e Portmapper Security-Flaw
Date: Mon, 14 May 2001 11:03:54 +0200

Device: Allied Telesyn AT-AR220e, Firmware 1.08a RC14, combined DSL/Cable-Router, NAT, Firewall, HTML-Config

This device is equipped with the function 'Virtual Server', which is a portmapper WAN -> LAN. The 'Virtual Server' functionality can be disabled completely, and each single portmapping can also be disabled individually.

Problem:
If a portmapping is set up, e.g.

Status; Global Port; Internal Port; Internal IP; Protocol
disabled; 80; 80; 192.168.0.1; TCP

AND the Virtual Server feature is enabled, there is no check of the enabled/disabled status of each single portmapping. They still remain active.

Impact:
It is possible to gain access to mapped services, which may be left unsecured.

Solution:
Unused mappings should be deleted from the list of portmappings. If there are no used mappings at all, the Virtual Server feature should be disabled.

Vendor-Status: Informed on 2001-14-05

Regards,
Axel

P.S.: first posting ;-)

--
de: GRAFX & DESIGN marketing
Michael-Imhof-Str. 17
86609 Donauwörth
Tel.: +49 (0)906-705706-11
Fax: +49 (0)906-705705-12
Mobile: +49 (0)171-9321435
info@grafx-design.de
http://www.grafx-design.de
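The forwarding decision the advisory describes, modelled as an added example (not code from the advisory or from the vendor's firmware): the flawed lookup that only checks the global Virtual Server switch beside the expected one that also honours each row's status, an audit that lists disabled rows still reachable under the flawed logic, and the advisory's two-step workaround. The table rows other than the advisory's own are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class PortMapping:
    """One row of the AR220e 'Virtual Server' table, columns as in the advisory."""
    enabled: bool
    global_port: int
    internal_port: int
    internal_ip: str
    protocol: str  # "TCP" or "UDP"

Target = Optional[Tuple[str, int]]

def lookup_flawed(vs_on: bool, table: List[PortMapping], port: int, proto: str) -> Target:
    """Reported 1.08a RC14 behaviour: only the global switch gates forwarding;
    a row's own disabled status is never consulted."""
    if not vs_on:
        return None
    for m in table:
        if m.global_port == port and m.protocol == proto:
            return (m.internal_ip, m.internal_port)
    return None

def lookup_fixed(vs_on: bool, table: List[PortMapping], port: int, proto: str) -> Target:
    """Expected behaviour: global switch AND per-row status both gate forwarding."""
    if not vs_on:
        return None
    for m in table:
        if m.enabled and m.global_port == port and m.protocol == proto:
            return (m.internal_ip, m.internal_port)
    return None

def audit(vs_on: bool, table: List[PortMapping]) -> List[PortMapping]:
    """Disabled rows that the flawed lookup would still forward to: the exposure."""
    return [m for m in table if not m.enabled
            and lookup_flawed(vs_on, table, m.global_port, m.protocol)
            == (m.internal_ip, m.internal_port)]

def apply_workaround(table: List[PortMapping]) -> Tuple[List[PortMapping], bool]:
    """Advisory's mitigation: drop unused (disabled) rows; if nothing is left,
    Virtual Server itself should be switched off (second element False)."""
    kept = [m for m in table if m.enabled]
    return kept, bool(kept)

# Constructed sample table: the advisory's row, plus one enabled row (invented).
TABLE = [
    PortMapping(False, 80, 80, "192.168.0.1", "TCP"),
    PortMapping(True, 8080, 80, "192.168.0.2", "TCP"),
]
```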