-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



Device Specifics

=================

Name:         Netopia ISDN Router 650-ST

Manufacturer: Netopia

Version:      Firmware 3.3.2

Risk:         Viewing of all system logs without login

Advisory:     2000-03



Problem

=======



The system logs (both device history and WAN history) can be read

from the telnet prompt without logging into the system.



Details

=======



The logs of the router can be viewed from the telnet login screen by

pressing a certain key combination.



To access the WAN event log type Ctrl-F at the login screen

To access the device event log type Ctrl-E at the login screen



Access to these logs may allow access to sensitive information such

as usernames or passwords to an arbitary internet user.



Fixes

=====



None available.





Workaround

==========



Do not allow telnet access to your router to untrusted hosts.





Acknowledgements

===============



This vulnerability was discoverd by Bok 

Further investigation by Andrew Wellington (aka proton)





Disclaimer

==========

THIS INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.

ANDREW WELLINGTON DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR

IMPLIED,

INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A

PARTICULAR PURPOSE. IN NO EVENT SHALL ANDREW WELLINGTON BE LIABLE FOR

ANY DAMAGES WHATSOEVER INCLUDING, BUT NOT LIMITED TO, DIRECT,

INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR

SPECIAL DAMAGES, EVEN IF ANDREW WELLINGTON HAS BEEN ADVISED OF THE

POSSIBILITY OF SUCH DAMAGES.





PGP Key

=======



PGP key is available at keyserver.net

Key ID: 0x77168373

Fingerprint:

E8C3 789F 30C3 658E 1D90  56EB 0097 3EE3 7716 8373



-----BEGIN PGP SIGNATURE-----

Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>



iQA/AwUBOf1XywCXPuN3FoNzEQLiMgCdFyrc4kxfld6EL0/bEHYJ0+fF6GgAoJl+

KZYtG//tuDj7avHoUtGNiVZ/

=jaBx

-----END PGP SIGNATURE-----