Security scan fails w/ TFTP Server open - how to close??
Tinchote:
This is not a fake scan. On my DIR 632, using tftp, I was able to read /etc/passwd and /etc/hosts, and to upload a file to; to make it worse, I was able to do this from outside the LAN.
FurryNutz:
Welcome!
* What Hardware version is your router? Look at sticker under the router case.
* What Firmware version is currently loaded? Found on the router's web page under status.
* What region are you located in?
* Are you wired or wireless connected to the router?
Tinchote:
Thanks. It's a DIR 632, hardware A1, firmware 1.01NA.
I'm in Canada. I'm accessing the router through the internet, I'm some 4km away from it; that's the scary thing, I don't mind if a port is opened towards the LAN, but this is opened wide to the world.
I ran, on my console, "tftp my-router-ip GET /etc/passwd" and I was able to retrieve the file. I was also able to upload a file.
FurryNutz:
I recommend upgrading the router's FW and seeing if this issue is closed:
http://support.dlink.ca/ProductInfo.aspx?m=DIR-632
Please follow this for updating FW: FW Update Process
"This product has been discontinued.
Free support for this product has ended on 08/02/2014"
Tinchote:
Thanks, I'll try that.
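
A way to re-check from outside the LAN whether UDP port 69 still answers after the firmware update, as an added example that is not part of the original thread. It sends a single RFC 1350 read request for a constructed, nonexistent filename to the router's WAN address and reports whether any TFTP reply comes back; the function names and the filename are assumptions made for this sketch.

```python
import socket
import struct
import sys

TFTP_PORT = 69
OP_RRQ, OP_DATA, OP_ERROR = 1, 3, 5  # opcodes from RFC 1350


def build_rrq(filename: str, mode: str = "octet") -> bytes:
    """Read request: 2-byte opcode, filename, NUL, transfer mode, NUL."""
    return (struct.pack("!H", OP_RRQ) + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")


def classify_reply(packet: bytes) -> str:
    """Any well-formed DATA or ERROR reply proves a TFTP server is listening."""
    if len(packet) < 4:
        return "malformed"
    opcode, code = struct.unpack("!HH", packet[:4])
    if opcode == OP_DATA:
        return f"open: server returned DATA block {code}"
    if opcode == OP_ERROR:
        # Even "file not found" means the service is reachable.
        msg = packet[4:].split(b"\0", 1)[0].decode("ascii", "replace")
        return f"open: server answered ERROR {code} ({msg})"
    return f"unexpected opcode {opcode}"


def probe_tftp(host: str, port: int = TFTP_PORT, timeout: float = 3.0,
               filename: str = "exposure-check-nonexistent") -> str:
    """Send one RRQ for a constructed filename and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_rrq(filename), (host, port))
            reply, _ = s.recvfrom(1024)
        except socket.timeout:
            # UDP gives no positive "closed" signal; silence is the good case.
            return "no reply: closed, filtered, or packet lost"
        except OSError as exc:
            return f"no reply: {exc}"
    return classify_reply(reply)


if __name__ == "__main__":
    print(probe_tftp(sys.argv[1]))
```

Because UDP is lossy, repeat the check a few times from a connection outside the LAN before treating "no reply" as closed.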