Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 – Insecure Configuration Management

• Exploit Database
• 28 阅读

• 作者： Sniper Pex
  日期： 2016-10-24
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/40629/

• Title: Industrial Secure Routers - Insecure Configuration Management
  Type: Local/Remote
  Author: Nassim Asrir
  Author Company: HenceForth
  Impact: Insecure Configuration Management
  Risk: (4/5)
  Release Date: 22.10.2016
  
  Summary:
  Moxa's EDR series industrial Gigabit-performance secure routers are designed to protect the control networks of critical facilities while maintaining fast data transmissions.
  The EDR series security routers provides integrated cyber security solutions that combine industrial firewall, VPN, router, and L2 switching* functions into one product specifically 
  designed for automation networks,which protects the integrity of remote access and critical devices.
  
  description:
  
  Using this Vulnerability we can change the Admin configuration without knowing Password & Username
  
  Because the form for change the configurations is Insecure.
  
  Vendor:
  http://www.moxa.com/product/Industrial_Secure_Routers.htm
  
  Affected Version:
  EDR-810, EDR-G902 and EDR-G903
  
  Tested On:
  Linux // Dist (Bugtraq 2)
  
  Vendor Status:
  I told them and i wait for the answer.
  
  PoC:
  - when you navigate the server automatically you redirect to the login page (http://site/login.asp).
  
  - so Just add in the end of URL (admin.htm) then you get the Form to change the Admin configurations.
  
  Credits
  Vulnerability discovered by Nassim Asrir- <wassline@gmail.com>