Author Topic: AirStation HP N300 DD-WRT CVE-2002-1463 ISN vulnerability  (Read 4389 times)

DoctorDOS

  • Calf
  • *
  • Posts: 1
AirStation HP N300 DD-WRT CVE-2002-1463 ISN vulnerability
« on: November 05, 2018, 01:06:20 PM »
A customer has a dedicated Internet connection for their point of sale debit machine.  In order to pass PCI compliance they they have to have their network scanned by a third party. https://www.pcicomplianceguide.org/faq/ .  It's basically a NESSUS scan.  The AIRSTATION_HIGHPOWER_N300_DD-WRT with the most recent firmware failed that test.  From the report...

The remote host seems to generate Initial Sequence Numbers (ISN) in a weak
manner which seems to solely depend on the source and dest port of the TCP
packets.
http://seclists.org/bugtraq/2002/Aug/60
http://securityresponse.symantec.com/avcenter/security/Content/2002.08.05.html

This is a bug that goes way back to 2002 that should have been patched with kernel V 2.4.  Any suggestions or alternative FW that we could try?  I did download the latest DD-WRT FW but it would not load from the web interface and I don't wish to brick the unit.