Vulners
Lucene search
BSNL Teracom Router Firmware Rewrite / Link Modification
| Reporter | Title | Published | Views | Family All 29 |
|---|---|---|---|---|
 | D-Link DCS-931L - Arbitrary File Upload (Metasploit) | 7 Jan 201600:00 | – | zdt |
 | CVE-2015-2049 | 7 Jan 201600:00 | – | circl |
 | D-Link DCS-931L with firmware unlimited file upload vulnerability | 28 Feb 201500:00 | – | cnvd |
| Unlimited File Upload Vulnerability in Multiple Seagate and LaCie Wireless Storage Products | 10 Sep 201500:00 | – | cnvd |
| Microsoft Internet Explorer Denial of Service Vulnerability (CNVD-2016-01016) | 11 Feb 201600:00 | – | cnvd |
 | Microsoft Internet Explorer Memory Corruption (MS16-009: CVE-2016-0071) | 9 Feb 201600:00 | – | checkpoint_advisories |
 | CVE-2015-2049 | 23 Feb 201517:00 | – | cve |
| CVE-2015-2876 | 31 Dec 201502:00 | – | cve |
| CVE-2016-0071 | 10 Feb 201611:00 | – | cve |
 | CVE-2015-2049 | 23 Feb 201517:00 | – | cvelist |
10
`Multiple Vulnerabilities in TERACOM ROUTER
#Author: Ajay Gowtham aka AJOXR
#Contact: gowtham.ajay5 at gmail.com
#Vulnerability Type: Insecure Upload File Permissions
#Affected Module: Upload Functionality
#Criticality: Medium
#Device Model: BSNL Teracom T2-B-Gawv1.4U10Y-BI is WiFi enabled ADSL2+
compliant + WiFi
#Firmware: 10.4.3.12.12
----------------------------------------------------------------------------------------------
Firmware Re-write using Unrestricted Upload of File (Insecure File Contents)
Reference ID: CWE - 434
CVE - ID : CVE-2015-2049, CVE-2015-2876
Ref: https://cwe.mitre.org/data/definitions/434.html
Description: Teracom T2-B-Gawv1.4u10Y-BI Models are having clear type text
contents in Upload
File in Restore Configuration. After Modifying file uploaded malicious
scripts will be executed
in Firmware of the affected model. Which will allow an attacker to carry
out Arbitary Code
Execution.
Reproduce Vulnerability:
Step 1: Go to Admin Pannel, you can find Backup file options to backup
config.
Step 2: Modify Config file Conexant.icf with malicious commands using Text
Editor
Step 3: Re-upload to the device using restore options
Step 4: Router will restart and executes the malicious commands into router.
Step 5: User will be using Malicious Router without concern as it will
remain undetected also in
antivirus.
Solution: An update will be solution.
----------------------------------------------------------------------------------------------
Management Server Link Access to External Resource
Reference ID: CWE - 610
CVE - ID: CVE-2016-0071
Ref: https://cwe.mitre.org/data/definitions/610.html
Description: Teracom T2-B-Gawv1.4u10Y-BI Models accepting link
modifications as no Hard-coded
is provided in Management Server Module. Any User is able to change with
default credentials.
Step 1: Re-write the link in Management Server Module.
Step 2: Apply necessary changes with malicious link.
Step 3: Re-start the server and changes are made.
Solution: Hard code the link parameter to avoid adding external resource
link to the Router.
----------------------------------------------------------------------------------------------
PoC :
https://drive.google.com/folderview?id=0B2p8gG1WpnRnek9GaEl3SXVod3c&usp=sharing
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Sep 2016 00:00Current
0.2Low risk
Vulners AI Score0.2
EPSS0.8453