Lucene search
K

TP-Link TD-W8901G Default Credentials / Authentcation Bypass

🗓️ 20 Aug 2017 00:00:00Reported by Vuppala DhanunjayaType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 39 Views

TP-Link TD-W8901G Default Credentials & Authentication Bypass vulnerability on RomPager Embedded Web Server

Code
`#Exploit Title: MULTIPLE VULNERABILITIES ON TP-LINK  
# Date: [10-08-2017]  
# Exploit Author: [v.Dhanunjaya]  
# Vendor Homepage: [http://www.tp-link.in/]  
# AFFECTED FRIMWARE : TD-W8901G  
# Tested on: [Windows 10,ubuntu 14.04 LTS]  
# Email : [email protected]  
# Support : CRYPTONIC_RAPTURES  
  
  
TARGET : http://XX.XXX.XXX.XXX:8080  
  
VULNERABILITIES FOUND DEFAULT CREDENTIALS & AUTHENTICATION BYPASS  
  
1) Default Admin Credentials  
  
According to the TD-W8901g manual the web interface has default credentials.  
  
Open a web browser (google chrome or firefox etc.), key in 192.168.1.1 in  
the address bar and press enter. The default username and password are both  
aadmina (all in lower case)  
  
2) AUTHENTICATION BYPASS  
  
A dangerous vulnerability present on many network devices which are using  
RomPager  
Embedded Web Server. Attacker is able to get your ISP password, wireless  
password and other sensitive information  
by issuing single HTTP GET request to a/rom-0a URI. Mentioned information  
disclosure is present in RomPager Embedded Web Server. Affected devices  
include ZTE, TP-Link, ZynOS, Huawei and many others.  
  
->open the target address in your web Browser http://wwww.XXX.XXX.XXX.X:8080  
->Now add /rom-0 to your target address.Then a rom-0 file will be  
downloaded  
->Now upload rom-0 file to the website http://www.routerpwn.com/zynos/ for  
decompression.Once it decoded you can get plain text passwords  
  
THANKYOU  
  
Regards,  
  
*V.DHANUNJAYA*  
*IT SECURITY AND CYBER FORENSICS ANALYST*  
  
[image: mobile]  
+91-8341312454 <https://si.gnatu.re/#>  
[image: email] <https://si.gnatu.re/#[email protected]>  
[email protected]  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation