CVE-2004-1585

Flash Messaging 5.2.0g - Denial of Service via Wide Character Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1585. PoCs published by Alberto Ortega Llamas.

AI-analyzed exploit summary This Ruby script exploits a Denial of Service (DoS) vulnerability in 3Com OfficeConnect ADSL Wireless 11g Firewall Router by sending an HTTP request with an excessively long 'Authorization' header. The exploit causes the router to crash or disrupt the internet connection.

Description

Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers to cause a denial of service (application crash) via certain wide characters.

Exploits (1)

exploitdb WORKING POC

by Alberto Ortega Llamas · rubydoshardware

https://www.exploit-db.com/exploits/10553

View Code ZIP pw:eip

This Ruby script exploits a Denial of Service (DoS) vulnerability in 3Com OfficeConnect ADSL Wireless 11g Firewall Router by sending an HTTP request with an excessively long 'Authorization' header. The exploit causes the router to crash or disrupt the internet connection.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: 3Com OfficeConnect ADSL Wireless 11g Firewall Router 3CRWDR100A-72 and 3CRWDR100Y-72 (Software Version 2.06T13)

No auth needed

Prerequisites: Network access to the target router · Ruby installed on the attacker's machine

MITRE ATT&CK