TITLE:
Sweex Wireless Broadband Router Exposure of Configuration

SECUNIA ADVISORY ID:
SA11603

VERIFY ADVISORY:
http://secunia.com/advisories/11603/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
>From local network

OPERATING SYSTEM:
Sweex Wireless Broadband Router/ Acces Point 11g

DESCRIPTION:
Mark Janssen has reported a vulnerability in Sweex Wireless Broadband
Router/Accesspoint, allowing malicious people to gain knowledge of
the configuration.

The problem is that the tftp service is running by default and isn't
restricted in anyway. This allows anyone with access to the network
to download configuration files, including a file containing
usernames and passwords.

Reportedly, the tftp service can't be disabled.

Other Sweex products may also be affected.

SOLUTION:
Do not use the device on networks with untrusted users.

PROVIDED AND/OR DISCOVERED BY:
Mark Janssen

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org

----------------------------------------------------------------------