Cable-Router AR220e Portmapper Security-Flaw
From: Axel Hammer <alpha01 () grafx-design de>
Date: Mon, 14 May 2001 11:03:54 +0200
Allied Telesyn AT-AR220e, Firmware 1.08a RC14, combined DSL/Cable-Router, NAT,
This device is equipped with the function 'Virtual Server', which is a
portmapper WAN -> LAN.
The 'Virtual Server' functionality can be disabled completely, and individual
portmappings can each be disabled, too.
If a portmapping is set up, e.g.
Status; Global Port; Internal Port; Internal IP; Protocol
disabled; 80; 80; 192.168.0.1; TCP
AND the Virtual-Server-Feature is enabled, there is no check for the
enabled/disabled setup of each of the single portmappings. They still remain
It is possible to gain access to mapped services, which may be left unsecured.
Unused mappings should be deleted from the list-of-portmappings. If there are no
used mappings at all, the Virtual-Server-feature should be disabled.
Informed on 2001-14-05
P.S.: first posting ;-)
GRAFX & DESIGN
Tel.: +49 (0)906-705706-11
Fax: +49 (0)906-705705-12
Mobile: +49 (0)171-9321435
info () grafx-design de
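
The following Python audit is an added example, not part of the original post and not Allied Telesyn code. It assumes the mapping list is available as text in the post's semicolon layout (the rows beyond the post's port-80 entry are constructed) and reports entries that are marked disabled yet still forwarded under the behaviour described above, together with the cleanup the post recommends.

```python
import csv
from dataclasses import dataclass

# Constructed sample in the post's "Status; Global Port; ..." layout.
SAMPLE = """\
Status; Global Port; Internal Port; Internal IP; Protocol
disabled; 80; 80; 192.168.0.1; TCP
enabled; 2222; 22; 192.168.0.5; TCP
disabled; 53; 53; 192.168.0.9; UDP
"""

@dataclass(frozen=True)
class Mapping:
    enabled: bool
    global_port: int
    internal_port: int
    internal_ip: str
    protocol: str

def parse_table(text):
    """Parse the semicolon-separated mapping list (header row first)."""
    rows = csv.reader(text.strip().splitlines(), delimiter=";",
                      skipinitialspace=True)
    next(rows)  # skip the header line
    return [Mapping(status.strip().lower() == "enabled", int(gport),
                    int(iport), ip.strip(), proto.strip().upper())
            for status, gport, iport, ip, proto in rows]

def exposed(mappings, virtual_server_on, honours_status):
    """Mappings reachable from the WAN side.

    honours_status=False models the behaviour reported in the post:
    the per-mapping enabled/disabled flag is not checked.
    """
    if not virtual_server_on:
        return []
    return [m for m in mappings if m.enabled or not honours_status]

def audit(mappings, virtual_server_on):
    """Return (unexpectedly exposed mappings, actions the post recommends)."""
    intended = exposed(mappings, virtual_server_on, honours_status=True)
    actual = exposed(mappings, virtual_server_on, honours_status=False)
    unexpected = [m for m in actual if m not in intended]
    actions = [f"delete {m.protocol}/{m.global_port} -> "
               f"{m.internal_ip}:{m.internal_port}" for m in unexpected]
    if virtual_server_on and not any(m.enabled for m in mappings):
        actions.append("disable Virtual Server")
    return unexpected, actions
```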