Intex Router N-150 Arbitrary File Upload

2018.06.26

Credit: Samrat Das

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-264

# Exploit Title:aa Intex Router N-150 - Arbitrary File Upload
# Date: 2018-06-23
# Exploit Author: Samrat Das
# Version: N-150
# CVE : N/A
# Category: Router Firmware
 
# 1. Description
# The firmware allows malicious files to be uploaded without any checking of
# extensions and allows filed to be uploaded.
 
# 2. Proof of Concept
 
- Visit the application
- Go to the advanced settings post login
- Under backup- restore page upload any random file extension and hit go.
- Upon the file being upload, the firmware will get rebooted accepting the arbitrary file.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Intex Router N-150 Arbitrary File Upload

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.