Het is inmiddels half augustus, en de Ziggo Connectbox is nog steeds kwetsbaar voor deze zeer simpele DoS aanval.
Maandenlang is de CVE over deze kwetsbaarheid verborgen geweest op de CVE website, maar nu Intel eindelijk zelf de problemen onderkend heeft is ook de CVE weer terug.
Hier de resultaten van mijn ConnectBox:
Baseline, geen DoS, 0% loss, 17ms average ping
code:
105 packets transmitted, 105 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 12.010/17.364/123.931/12.120 ms
0.5MBit DoS, 7% packet loss, 117ms average ping
code:
99 packets transmitted, 92 packets received, 7.1% packet loss
round-trip min/avg/max/stddev = 14.564/117.156/258.092/74.305 ms
1Mbit DoS, 52% packet loss, 249ms average ping
code:
92 packets transmitted, 44 packets received, 52.2% packet loss
round-trip min/avg/max/stddev = 13.609/249.186/390.803/72.137 ms
2Mbit DoS, 68% packet loss, 232ms average ping
code:
97 packets transmitted, 31 packets received, 68.0% packet loss
round-trip min/avg/max/stddev = 15.083/232.439/417.672/92.414 ms
Wanneer mogen we de firmware met DoS fix nu verwachten?