Comtrend CT 5361T Password Disclosure

2014.04.13
Credit: TUNISIAN CYBER
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[+] Author: TUNISIAN CYBER [+] Exploit Title: Comtrend CT 5361T Password Disclosure Vulnerability [+] Date: 07-04-2014 [+] Category: WebApp [+] Tested on: Windows 7 Pro [+] Vendor: http://www.comtrend.com/ [+] Product: http://www.comtrend.com/cgi-bin/na/db-searchn.cgi?template=proview1.htm&dbname=product&key2=32&action=searchdbdisplay [+] Friendly Sites: na3il.com,th3-creative.com 1.OVERVIEW: WiFi router Comtrend CT 5361T suffers from a Password Disclosure Vulnerability 2.Version: CT 5361T (more likely CT CT 536X) Software Version: A111-312SSG-T02_R01 Wireless Driver Version: 4.150.10.15.cpe2.2 3.Background: The CT-5361T is an 802.11g (54Mbps) Wireless and Wired ADSL2+ router. Four 10/100 Base-T Ethernet ports and an optional USB port and an integrated 802.11g WiFi WLAN Access Point (AP) provide with wired LAN connectivity and wireless connectivity separately. The CT-5361T ADSL2+ router also provides for state of the art security features such as WPA data encryption, Firewall and VPN pass through. The CT-5361T is designed for both residential and business applications that require wireless and wired connectivity to an ADSL broadband network. The CT-5361T supports up to 16 contiguous virtual connections allowing for multiple simultaneous Internet connections. The CT-5361T is also designed with TR-068 compliant color panel and LED indicators, which eases the installation of the modem and makes it more user-friendly. 4.Proof Of Concept: The attacker can access to "password.cgi" without authentication, when he opens the page source he could fetch the Panel password 1) http://i.imgur.com/uHumx1J.png 2) http://i.imgur.com/CG6HFOY.png pwdUser = 'dXNlcg=='; dXNlcg== Base64 ===> user Username: user Password: user Also the root access: Y3RBZG1pbg== Base64= ctAdmin(the default one because as you can see in the photo i've changed it) Username: root Password: ctAdmin 3)http://i.imgur.com/J0k9Dvl.png 4)http://i.imgur.com/QP7L3TK.png 5.Solution(s): NOT FIXED Change Router 6.TIME-LINE: 07-04-2014: Vulnerability was discovered. 07-04-2014: Contact With the vendor. 07-04-2014: Contact With ISP. 08-04-2014: No reply from the vendor neither the ISP. 09-04-2014: No reply from the vendor neither the ISP. 10-04-2014: No Reply 11-04-2014: Vulnerability Published ..... .... ..... 7.Greetings: Xmax-tn Xtech-set N43il Sec4ver,E4A Members


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top