Jun 19, 2014

Path traversal in TP-LINK WR740 and possibly others

Summary

TP-Link WR740 routers are vulnerable to a path traversal vulnerability on the web administration interface. Unauthenticated users are able to read any file from the device.

Description

Models: WR740N, WR740ND and possibly others.
Update: People have been reporting on forums that models WR743ND,WR842ND,WA-901ND,WR941N,WR941ND,WR1043ND,WR2543ND,MR3220,MR3020,WR841N are also based on the same HTTP daemon but we haven't been able to test it ourselves.
Firmware: 3.12.11 Build 111130 Rel.55312n and possibly others
Date: 26/05/2012
Severity: High
Impact: Disclosure of configuration and password files.
Attack vector: Remote. No auth required.
Solution: N/A

The router TP-Link WR740ND/WR740N has a HTTP server running on port 80 handling the web management interface.

There exists a path traversal vulnerability in the URI "/help" that allows attackers to read any file including configurations.

It is possible to read other configuration files if the services have been configured previously. (No-IP, DyDNS, Samba, NFS)

POC


After further research we discovered that the URL was posted before on some russian forum, but not mentioned as a vulnerability and specifying another model.

Paulino Calderón
calderon()websec.mx

Jun 17, 2014

Technology Used Primarily for Next Generation Network/FTTH

With the progress in the Technology, larger bandwidths are required with the increasing complexities. Corporate Units, homes offices, ATM has forced FSAN group to look for better technologies. FSAN initiated the Gigabite Passive Optical Network (GPON) Standardization work in the Year 2001, for designing networks offering high data transmission with a transmission capacity as high as 1Gbps.. Another specialized feature of GPON is that it offers coverage data and voice service upto 2.5 Gbps, and so gives a big advantage over the other available schemes.

GPON:


EPON:


Ethernet equipment vendors formed Ethernet in the First Mile Alliance (EFMA) to work on a architecture for FTTH as Ethernet is a dominant protocol in Local Area Network. EPON based FTTH was adopted by IEEE standard IEEE802.3ah in September 2004. Adopting Ethernet technology in the access network would make uniform protocol at the customer end simplifying the network management. Single protocol in Local Area Network, Access Network and Backbone network enables easy rollout of FTTH.

EPON standards networking community renamed the term ‘last mile’ to ‘first mile’ to symbolize its importance and significance access part of the network. EFM introduced the concept of Ethernet Passive Optical Networks (EPONs), in which a point to multipoint (P2MP) network topology is implemented with passive optical splitters.

EPON, is largely vendor-driven standard and it is fundamentally similar to ATM-PON but transports Ethernet frames/packets instead of ATM cells. It specified minimum standardization and product differentiation, also it has decided not to standardize the Bandwidth allocation algorithm (DBA), TDM and ATM support, Security, Authentication, WDM Overlay Plan, support for Analog Video Protection, Diagnostics, Monitoring,, Compliance with existing OSS leaving these to the vendors to choose the best.

Multiple Ports / Flexible 100Base-FX Fiber Optical connective for Distance Extension Solution

Functional re-evolution! Enhanced Management Features PLANET FGSW-2624SF Managed Fiber Switch has excellent reputation from FTTx Service Providers by offering multiple high-speed fiber ports and high flexibility in network deployment. To bring users better and better performed Ethernet networking, PLANET introduces FGSW-2624SF update version with minor changes in hardware but greatly promoted management functions in firmware. The FGSW-2624SF features highly secure SSL function, Telnet command line management mode, and SNMP 4 RMON Groups (Statistics, History, Alarm and Event) besides the existing user-friendly WEB management interface.For L2 / L4 switching management, Q-in-Q (Double Tag) VLAN is included to fit the increasing demand in Metro Access application; IP DSCP QoS priority is also featured to enhance the VoIP streaming in the fiber-optic network. With these advanced networking features, the FGSW-2624F is most suitable for long-distance fiber-optic network deployment like IP surveillance system, campus, distance learning, FTTx, MDU (Multi-Dwelling Unit), MTU (Multi-Tenant Unit) and Metro markets.

Key Features:
  • WEB / SSL / Telnet / SNMP Management
  • IEEE 802.1Q / Q-in-Q VLAN
  • IEEE 802.1w RSTP protocol / IEEE 802.3ad Link Aggregation
  • IGMP Snooping v1, v2 and Query mode
  • IP DSCP QoS and Bandwidth Control
  • Layer 2 / 3 / 4 ACL and Port Security
  • SNMP v1 / v2c and 4 RMON Groups
Application:
With 24 100Base-FX SFP ports and 2 Gigabit TP/SFP combo ports, the switch provides a cost-effective, high-performance for FTTx solutions. To build a network solution of FTTH (Fiber to the Home) or FTTC (Fiber to the Curb) for ISPs and FTTB (Fiber to the Building) for enterprise, the various distances of SFP (small-form factor) and Bidi (WDM) transceivers are optional for customers. Compared with traditional fiber switch that equipped fixed distance (2Km) and connection mode (SC only), the 24 SFP ports provides flexible solution for ISPs and enterprises. In addition, the two Gigabit TP/SFP combo ports can be used as uplink port which connects to the data centers and backbones.

Small Form-factor Pluggable (SFP)

Small form-factor pluggable (SFP) is a specification for a new generation of optical modular transceivers. The devices are designed for use with small form factor (SFF) connectors, and offer high speed and physical compactness. They are hot-swappable.


SFP transceivers are expected to perform at data speeds of up to five gigabits per second (5 Gbps), and possibly higher. Because SFP modules can be easily interchanged, electro-optical or fiber optic networks can be upgraded and maintained more conveniently than has been the case with traditional soldered-in modules. Rather than replacing an entire circuit board containing several soldered-in modules, a single module can be removed and replaced for repair or upgrading. This can result in a substantial cost savings, both in maintenance and in upgrading efforts.

Several companies have formed a consortium supporting the use of SFP transceivers to meet their common objectives of broad bandwidth, small physical size and mass, and ease of removal and replacement.

Jun 14, 2014

Passive Optical LAN (POL) : The Future LAN

Technology has began a transformation into the new age with passive optical lan. Take your business into the green zone by taking advantage of this modern updated way of replacing the old copper wires with modern fiber optics. Among the industry of upgrades.


As things move so fast that the world cannot keep up with the changing technology, POL makes a progressive attempt at reducing power consumption. First you need to understand this is the most green initiative around. POLwill save in your energy costs providing a very important money saving method for any business. While the cost of power is saved on a day to day basis, there will be a longer lasting effect for the longevity of your equipment. In respect to fiber optics the POL will bring about nearly five times more life that once existed with the old standby copper.

The benefits of the new fiber optic systems will not only be in the longer life they provide but in the speed they are able to add to any older system. In an economy that seems to flounder in an attempt to survive saving money in Capital expense ( CapEX ) and operating costs (OpeX ) are some of the top rated needs for all businesses. One source of money saving potential will come with the amount of heat and power that are eliminated using the POL deployment as opposed to copper wires.


With the technology you are provided the efficient fiber optic connectivity to any and all Ethernet end points. Bringing about a simplified LAN as this system replaces copper infrastructures with its POL. The new installation not only saves on the amount of heat generated and power needed but can save a business in space due to the compact design of the new POL, which in turn will save more money.


Installation of the passive optical lan will simplify your operations to a much easier manageable rate of working by the elimination of the necessary fees charged annually for licensing and service of the traditional system. With this form of passive optical network you receive the simplest, safest and most secure series of possibilities that the market offers at this time.


Passive Optical Lan is tested and a proven technology, more than 1 Million ONT has been shipped and Joint Interoperability Test Command (JITC) approval lays groundwork for U.S. Department of Defense to immediately begin deployments of Motorola’s proven all optical LAN solution.