Samsung G3210 failed to check privileges

2009-03-05 / 2009-03-06
Credit: Cyber
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Hi all, the Samsung G3210 and probably other versions also, offers a FTP-Server with the default user "ftpuser" and passwort "ftpuser". After login to the router it's possible to change in various directory e.g "/tmp. Now you can easyly download the configuration of the router. The file "rc.conf.tmp" contains the cleartext password of the internet provider (often freenet). If the ftp account is not enabled, then look for a modded version with web-interface and the default password "BANANA", then you can enable it. ;-) cyber P.S. Lycos rocks forever! ;-)

References:

http://seclists.org/fulldisclosure/2009/Mar/0101.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2025, cxsecurity.com

 

Back to Top