Sagem Fast 3304-V2 Credential Disclosure

2016-11-14 / 2016-11-15
Credit: Nassim Asrir
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Exploit title: FAST3304v2 Credentials Disclosure vulnerability Author: Nassim Asrir Author Company: HenceForth Author Email: wassline@gmail.com Discovered on: 13/11/2016 Tested on: Linux x86_64 / Mozilla Firefox 49. Tested Version: Sagem Fast 3304-V2 (other versions may also be affected) Vendor: http://www.sagemcom.com/ Description : - Sagem Fast 3304-v2 router is vulnerable to a Remote Credentials Disclosure Vulnerability . This vulnerability allow to a remote attacker to get the login and password for any services in the router (Ex: USB Share) Proof: - The Sagem fast 3304-v2 router has a service (USB Share) this service allow to share Folder or Pics or in Local Network (LAN) and for see the shared folders you need the login credentials from the Admin . So we can get it just with a javascript code. 1- Navigate The router Login Page (192.168.1.1). 2- Inject the Javascript Code in searchbar: javascript:mimic_button('sidebar: %20lb_sidebar_advanced_memory_sharing..', 0) 3- Now you can see the login credentials: * The host to see shared folders is 192.168.1.1 4- and now we get the login and pass but the pass is unclear so just click in (CTRL + u ) to see the source code and click in (CTRL + f) and put in the search box (password) and you can see the value for password clear.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top