Sagem Fast 3304-V2 Credential Disclosure

2016-11-14 / 2016-11-15
Credit: Nassim Asrir
Risk: High
Local: No
Remote: Yes

Exploit title: FAST3304v2 Credentials Disclosure vulnerability
Author: Nassim Asrir
Author Company: HenceForth
Author Email:
Discovered on: 13/11/2016
Tested on: Linux x86_64 / Mozilla Firefox 49
Tested Version: Sagem Fast 3304-V2 (other versions may also be affected)
Vendor:

Description:
- The Sagem Fast 3304-v2 router is vulnerable to a remote credentials disclosure vulnerability. This vulnerability allows a remote attacker to get the login and password for any service on the router (e.g. USB Share).

Proof:
- The Sagem Fast 3304-v2 router has a service (USB Share) that allows folders or pictures to be shared on the local network (LAN). To see the shared folders you need the login credentials from the admin, and these can be obtained with a single line of JavaScript.

1- Navigate to the router login page (
2- Inject the JavaScript code in the search bar: javascript:mimic_button('sidebar: %20lb_sidebar_advanced_memory_sharing..', 0)
3- Now you can see the login credentials:
* The host to see shared folders is
4- The login and password are now displayed, but the password is masked. Press CTRL + U to view the page source, press CTRL + F, and search for "password": the password value appears in clear text.
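Step 4 works because the router sends the stored password in the page source and only masks it on screen. As an added example (not code from the advisory or the vendor), the Python check below flags password inputs that arrive with a pre-filled value, which is how a firmware or web UI review would catch this class of disclosure; the sample HTML and its field names are constructed, not taken from the device.

```python
from html.parser import HTMLParser

# Constructed sample page (assumption): illustrates a settings form that
# echoes a stored secret back into a masked field. Not the router's HTML.
SAMPLE_PAGE = """<html><body>
<form name="share_settings">
  <input type="text" name="share_user" value="admin">
  <input type="password" name="share_password" value="Example-Secret-1">
  <input type="password" name="new_password" value="">
  <input type="PASSWORD" name="confirm_password">
</form>
</body></html>"""


class PrefilledSecretFinder(HTMLParser):
    """Collects <input type="password"> elements served with a non-empty value."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # HTMLParser lowercases attribute names; a bare attribute has value None.
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").lower() != "password":
            return
        value = a.get("value", "")
        if value.strip():
            line, _col = self.getpos()
            # Record only the length so the audit report does not leak the secret.
            self.findings.append({
                "line": line,
                "name": a.get("name") or a.get("id") or "(unnamed)",
                "length": len(value),
            })


def find_prefilled_passwords(html):
    """Return one finding per password field whose value is present in the markup."""
    parser = PrefilledSecretFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for f in find_prefilled_passwords(SAMPLE_PAGE):
        print(f"line {f['line']}: field {f['name']!r} carries a {f['length']}-char value")
```

A masked field should be served empty; the server should compare or replace the stored secret on submit rather than echo it back to the client.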
