Vulners
Lucene search
Tenda N3 Wireless N150 Router - Authentication Bypass
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | Tenda N3 Wireless N150 Home Router - Authentication Bypass Vulnerability | 21 Feb 201700:00 | – | zdt |
 | CVE-2015-5995 | 3 Sep 201500:00 | – | circl |
 | Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N Security Bypass Vulnerability | 20 Sep 201500:00 | – | cnvd |
 | CVE-2015-5995 | 31 Dec 201502:00 | – | cve |
 | CVE-2015-5995 | 31 Dec 201502:00 | – | cvelist |
 | Tenda N3 Wireless N150 Router - Authentication Bypass | 3 Sep 201500:00 | – | exploitpack |
 | CVE-2015-5995 | 31 Dec 201505:59 | – | nvd |
 | Design/Logic Flaw | 31 Dec 201505:59 | – | prion |
 | Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilities | 3 Sep 201500:00 | – | cert |
# Exploit Title: Complete Authentication Bypass In Tenda N3 Wireless N150 Routers
# Date: 03-09-2015
# Software Link: http://tendacn.com/en/product/N150.html
# Exploit Author: Mandeep Jadon
# Contact: http://twitter.com/1337tr0lls
# Website: http://twitter.com/1337tr0lls
# CVE: CVE-2015-5995
# Category: Device
Description:
The router (AP) is using very poor authentication mechanism . It uses a
static cookie to verify the incoming authentication. After careful
inspection it was found that the cookie used were same for any number of
authentication by the Admin .
Thus the cookie can be easily forged and the admin account could be
compromised without supplying the credentials .
Proof Of Concept:
Inject the following cookie in the browser with the given values :
admin:language : en
Reload the page . You are logged into the admin account .
Video POC : https://www.youtube.com/watch?v=dvF-7KK0g6E
Mitigation :
Use: a secure authentication mechanism consisting of random , complex
cookies .
References :
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5995
https://www.kb.cert.org/vuls/id/630872Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Sep 2015 00:00Current
9.7High risk
Vulners AI Score9.7
CVSS 39.8
CVSS 210
EPSS0.38203