Detailed Description
Allegro RomPager embedded Web server toolkit, widely used in multi-vendor broadband router.
Allegro RomPager before 4.07 and 4.34 versions of the http cookie handling code exists 'doom Cookie' loopholes in the implementation of this vulnerability easy to use, extensive influence and cause serious harm, successfully exploited this vulnerability could allow an unauthenticated, remote attacker to obtain affected devices administrator privileges, the remote execution of arbitrary code, complete control of an affected device, steal sensitive information, install malicious software, bypassing any firewalls. According to the manufacturer bulletin, the vulnerability was discovered in 2002 v4.07 code base, has been repaired in 2005 v4.34 but many of the current gateway device firmware release this vulnerability still exists (ASUS, D-Link, Edimax, Huawei , TP-Link, ZTE, ZyXEL, etc.).
The vulnerability stems from an error in the affected software by HTTP cookie management mechanism, which can be exploited to manipulate cookie, to determine the fortune of the request. An attacker could send specially crafted HTTP cookie, exploit this vulnerability to corrupt memory, application and system state changes, so that the attacked device given current session administrator privileges.
<* Source: Shahar Tal
Link: http: //www.kb.cert.org/vuls/id/561444
http://mis.fortunecook.ie/
*>
Solution
Workaround:
* Apply the update.
* Use a third-party firmware.
* Disable the WAN side listener service HTTP or HTTPS connections.
Manufacturers patch:
Allegro
-------
Currently, some manufacturers have provided a firmware update. Make the appropriate firmware download according to their own Model
Huawei
http://consumer.huawei.com/cn/support/downloads/
ZTE
http://www.zte.com.cn/cn/services/products/support/
TP-LINK
http://service.tp-link.com.cn/