Lucene search
+L

Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 Access Bypass

🗓️ 23 Oct 2016 00:00:00Reported by Nassim AsrirType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 39 Views

Industrial Secure Routers - Insecure Configuration Management. Vulnerability allows unauthorized admin configuration changes without knowing username or password

Code
`Title: Industrial Secure Routers - Insecure Configuration Management  
Type: Local/Remote  
Author: Nassim Asrir  
Author Company: HenceForth  
Impact: Insecure Configuration Management  
Risk: (4/5)  
Release Date: 22.10.2016  
  
Summary:  
Moxa's EDR series industrial Gigabit-performance secure routers are designed to protect the control networks of critical facilities while maintaining fast data transmissions.  
The EDR series security routers provides integrated cyber security solutions that combine industrial firewall, VPN, router, and L2 switching* functions into one product specifically   
designed for automation networks,which protects the integrity of remote access and critical devices.  
  
description:  
  
Using this Vulnerability we can change the Admin configuration without knowing Password & Username  
  
Because the form for change the configurations is Insecure.  
  
Vendor:  
http://www.moxa.com/product/Industrial_Secure_Routers.htm  
  
Affected Version:  
EDR-810, EDR-G902 and EDR-G903  
  
Tested On:  
Linux // Dist (Bugtraq 2)  
  
Vendor Status:  
I told them and i wait for the answer.  
  
PoC:  
- when you navigate the server automatically you redirect to the login page (http://site/login.asp).  
  
- so Just add in the end of URL (admin.htm) then you get the Form to change the Admin configurations.  
  
Credits  
Vulnerability discovered by Nassim Asrir - <[email protected]>  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation