Lucene search
Siemens Gigaset SX762 Default Credentials (HTTP)
🗓️ 05 Jun 2013 00:00:00Reported by Copyright (C) 2013 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 36 Views
Siemens Gigaset SX762 Default Credentials (HTTP) vulnerability allows remote attackers to gain unauthorized access
Show more
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/h:siemens:gigaset_sx762";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.103730");
script_version("2024-09-25T05:06:11+0000");
script_tag(name:"cvss_base", value:"9.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:P/A:P");
script_tag(name:"last_modification", value:"2024-09-25 05:06:11 +0000 (Wed, 25 Sep 2024)");
script_tag(name:"creation_date", value:"2013-06-05 14:44:04 +0200 (Wed, 05 Jun 2013)");
script_name("Siemens Gigaset SX762 Default Credentials (HTTP)");
script_category(ACT_ATTACK);
script_family("Default Accounts");
script_copyright("Copyright (C) 2013 Greenbone AG");
script_dependencies("gb_siemens_gigaset_sx762_http_detect.nasl",
"gb_default_credentials_options.nasl");
script_require_ports("Services/www", 80);
script_mandatory_keys("siemens/gigaset/sx762/http/detected");
script_exclude_keys("default_credentials/disable_default_account_checks");
script_tag(name:"solution", value:"Change the password.");
script_tag(name:"solution_type", value:"Mitigation");
script_tag(name:"summary", value:"The remote Siemens Gigaset SX762 is using known default
credentials.");
script_tag(name:"impact", value:"This issue may be exploited by a remote attacker to
gain access to sensitive information or modify system configuration.");
script_tag(name:"insight", value:"It was possible to login with password 'admin'.");
script_tag(name:"qod_type", value:"remote_vul");
exit(0);
}
if(get_kb_item("default_credentials/disable_default_account_checks"))
exit(0);
include("http_func.inc");
include("http_keepalive.inc");
include("host_details.inc");
if(!port = get_app_port(cpe:CPE, service:"www"))
exit(0);
if(!get_app_location(cpe:CPE, port:port, nofork:TRUE))
exit(0);
useragent = http_get_user_agent();
host = http_host_name(port:port);
login = 'form_submission_type=login&form_submission_parameter=¤t_page=welcome_login.html';
login += '&next_page=home_security.html&i=1&admin_role_name=administrator&operator_role_name=operator';
login += '&subscriber_role_name=subscriber&choose_role=0&your_password=admin&Login=OK';
len = strlen(login);
req = string("POST /UE/ProcessForm HTTP/1.1\r\n",
"Host: ", host, "\r\n",
"User-Agent: ", useragent, "\r\n",
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n",
"Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3\r\n",
"Accept-Encoding: identity\r\n",
"Connection: close\r\n",
"Referer: http://", host, "/UE/welcome_login.html\r\n",
"Content-Type: application/x-www-form-urlencoded\r\n",
"Content-Length: ", len, "\r\n",
"\r\n",
login);
result = http_send_recv(port:port, data:req, bodyonly:FALSE);
url = "/UE/advanced.html";
req = http_get(item:url, port:port);
buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
if("Log Off" >< buf && "security.html" >< buf && "status.html" >< buf) {
report = http_report_vuln_url(port:port, url:url);
security_message(port:port, data:report);
exit(0);
}
exit(99);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo05 Jun 2013 00:00Current
7.5High risk
Vulners AI Score7.5