Lucene search
+L

Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management

🗓️ 24 Oct 2016 00:00:00Reported by Sniper PexType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 41 Views

Industrial Secure Routers - Insecure Config Management, EDR series secure routers, vulnerable to unauthorized config change

Code
Title: Industrial Secure Routers - Insecure Configuration Management
Type: Local/Remote
Author: Nassim Asrir
Author Company: HenceForth
Impact: Insecure Configuration Management
Risk: (4/5)
Release Date: 22.10.2016

Summary:
Moxa's EDR series industrial Gigabit-performance secure routers are designed to protect the control networks of critical facilities while maintaining fast data transmissions.
The EDR series security routers provides integrated cyber security solutions that combine industrial firewall, VPN, router, and L2 switching* functions into one product specifically 
designed for automation networks,which protects the integrity of remote access and critical devices.

description:

Using this Vulnerability we can change the Admin configuration without knowing Password & Username

Because the form for change the configurations is Insecure.

Vendor:
http://www.moxa.com/product/Industrial_Secure_Routers.htm

Affected Version:
EDR-810, EDR-G902 and EDR-G903

Tested On:
Linux // Dist (Bugtraq 2)

Vendor Status:
I told them and i wait for the answer.

PoC:
- when you navigate the server automatically you redirect to the login page (http://site/login.asp).

- so Just add in the end of URL (admin.htm) then you get the Form to change the Admin configurations.

Credits
Vulnerability discovered by Nassim Asrir  - <[email protected]>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation