Abstract
As the main routing device of the network, most routers can be set up and managed through their web enabled admin portal. This paper proposes a new method for router admin portal vulnerability mining fuzzing test (RW-fuzzer: Router Web fuzzer). The mutation samples that generated by Boofuzz are used to construct the test sample set for fuzzy testing. The constructed mutation test cases are more suitable for the attack load or critical value of the router’s Web interface. They can cause unexpected errors for the devices more easily, which achieves the goal of discover potential vulnerabilities, and the practicality is excellent. Based on the proposed RW-fuzzer method, this work conducted fuzzing tests on 4 widely sold router models from manufacturers. Four nday vulnerabilities and one 0day vulnerability have been found. Experiment results show that the proposed RW-fuzzer method is effective.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.