Solar-Log 500 2.8.2 Incorrect Access Control

2021.06.11

Credit: Luca.Chiou

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP""

# Exploit Title: Solar-Log 500 2.8.2 - Incorrect Access Control
# Google Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP""
# Date: 2021-06-11
# Exploit Author: Luca.Chiou
# Vendor Homepage: https://www.solar-log.com/en/
# Software Link: Firmware for Solar-Log https://www.solar-log.com/en/support/firmware/
# Version: Solar-Log 500 all versions prior to 2.8.2 Build 52 - 23.04.2013
# Tested on: It is a proprietary devices: https://www.solar-log.com/en/support/firmware/
# 1. Description:
# The web administration server for Solar-Log 500 all versions prior to 2.8.2 Build 52 does not require authentication,
# which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.
# As a result, the attacker can modify configuration files and change the system status.
# 2. Proof of Concept:
# Access the /lan.html of Solar-Log 500 without ANY authentication,
# and you can get gain administrative privileges to modify configuration files and change the system status.
# http://<Your Modem IP>/lan.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Solar-Log 500 2.8.2 Incorrect Access Control

Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP""

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.