Skip to content
cyberexploits
webapphardwaretext

DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation

DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation

Published on 2017-03-18

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/hardware/webapps/41633.txt7eac4c3a
raw
Title:

======



Cookie based privilege escalation in DIGISOL DG-HR1400 1.00.02 wireless router.



CVE Details:

============

CVE-2017-6896



Reference:

========== 



https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6896

https://vuldb.com/sv/?id.97954

https://www.indrajithan.com/DIGISOL_router_previlage_escaltion





Credit:

======



Name: Indrajith.A.N

Website: https://www.indrajithan.com



Date:

====



13-03-2017



Vendor:

======



DIGISOL router is a product of Smartlink Network Systems Ltd. is one of India's leading networking company. It was established in the year 1993 to prop the Indian market in the field of Network Infrastructure.



Product:

=======



DIGISOL DG-HR1400 is a wireless Router





Product link: http://wifi.digisol.com/datasheets/DG-HR1400.pdf



Abstract details:

=================



privilege escalation vulnerability in the DIGISOL DG-HR1400 wireless router enables an attacker escalate his user privilege to an admin just by modifying the Base64encoded session cookie value 



Affected Version:

=============



<=1.00.02





Exploitation-Technique:

===================



Remote





Severity Rating:

===================



8





Proof Of Concept :

==================



1) Login to the router as a User where router sets the session cookie value to VVNFUg== (Base64 encode of "USER")

2) So Encode "ADMIN" to base64 and force set the session cookie value to QURNSU4= 

3) Refresh the page and you are able to escalate your USER privileges to ADMIN.





Disclosure Timeline:

======================================

Vendor Notification: 13/03/17



View on GitHub