# Exploit Title: SEOWON-SLC130 Multiple backdoors
# Date: 29/11/2018
# Exploit Author: Koorosh Ghorbani
# Vendor Homepage: http://mobinnet.ir/
# Firmware Version: 1.0.13
The disassembled `login.cgi` code shows multiple backdoors with different privileges.
if ( strcmp("user", privilege) && strcmp("VIP", privilege) )
{
    if ( strcmp("admin", privilege) )
    {
        if ( !strcmp("system", privilege) || !strcmp("Administrator", privilege) )
            read_ucfg_xml(0, (int)"/seowon/user/password/system", (int)&s);
    }
    else
    {
        read_ucfg_xml(0, (int)"/seowon/user/password/admin", (int)&s);
    }
}else{
    read_ucfg_xml(0, (int)"/seowon/user/password/user", (int)&s);
}
`read_ucfg_xml` refers to NVRAM. The NVRAM dump shows the following credentials:
<user>
    <id>
        <user>VIP</user>
        <system>Root</system>
        <admin>admin</admin>
        <root>root</root>
    </id>
    <password>
        <user>V!P83869000</user>
        <system>PWDd0N~WH*4G#DN</system>
        <admin>admin</admin>
        <root>gksrmf28</root>
    </password>
    <enable>
        <user>1</user>
        <system>1</system>
        <admin>1</admin>
        <root>0</root>
    </enable>
</user>
Default Credentials:
admin:admin
Backdoor Credentials:
VIP:V!P83869000 (user privilege)
Root:PWDd0N~WH*4G#DN (system privilege)
root:gksrmf28 (root privilege (disabled))
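
An added example, not part of the original advisory: a Python audit of an NVRAM `<user>` section in the layout shown above, flagging enabled accounts the owner was never told about, passwords equal to the login name, and disabled slots that still hold a password. The function name `audit_accounts` and the assumption that `admin` is the only documented account are mine; the embedded dump is the one from this advisory.

```python
import xml.etree.ElementTree as ET

# NVRAM <user> section as shown in the advisory above (whitespace condensed).
NVRAM_DUMP = """<user>
  <id><user>VIP</user><system>Root</system><admin>admin</admin><root>root</root></id>
  <password><user>V!P83869000</user><system>PWDd0N~WH*4G#DN</system><admin>admin</admin><root>gksrmf28</root></password>
  <enable><user>1</user><system>1</system><admin>1</admin><root>0</root></enable>
</user>"""

# Assumption: only the admin slot is documented to the device owner.
DOCUMENTED_SLOTS = {"admin"}


def audit_accounts(xml_text, documented=DOCUMENTED_SLOTS):
    """Return one finding dict per account slot in a <user> config section."""
    root = ET.fromstring(xml_text)
    ids, pwds, enabled = (root.find(tag) for tag in ("id", "password", "enable"))
    if ids is None or pwds is None or enabled is None:
        raise ValueError("expected <id>, <password> and <enable> sections")
    findings = []
    for slot in ids:  # slot.tag is the privilege slot, slot.text the login name
        login = (slot.text or "").strip()
        password = (pwds.findtext(slot.tag) or "").strip()
        active = (enabled.findtext(slot.tag) or "0").strip() == "1"
        issues = []
        if active and slot.tag not in documented:
            issues.append("undocumented account enabled")
        if active and password == login:
            issues.append("password equals login name")
        if not active and password:
            issues.append("disabled account still has a stored password")
        findings.append({"slot": slot.tag, "login": login, "enabled": active, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_accounts(NVRAM_DUMP):
        print(f"{f['slot']:<7}{f['login']:<6} enabled={f['enabled']!s:<6}{'; '.join(f['issues']) or 'ok'}")
```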