Intex Router N-150 - Arbitrary File Upload

2018-06-25T00:00:00
ID EDB-ID:44939
Type exploitdb
Reporter Exploit-DB
Modified 2018-06-25T00:00:00

Description

Intex Router N-150 - Arbitrary File Upload. Webapps exploit for Hardware platform

                                        
                                            # Exploit Title:​​ Intex Router N-150 - Arbitrary File Upload
# Date: 2018-06-23
# Exploit Author: Samrat Das
# Version: N-150
# CVE : N/A
# Category: Router Firmware

# 1. Description
# The firmware allows malicious files to be uploaded without any checking of
# extensions and allows filed to be uploaded.

# 2. Proof of Concept

- Visit the application
- Go to the advanced settings post login
- Under backup- restore page upload any random file extension and hit go.
- Upon the file being upload, the firmware will get rebooted accepting the arbitrary file.