Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormLiquidWormPACKETSTORM:148569
HistoryJul 16, 2018 - 12:00 a.m.

Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Hidden Features

2018-07-1600:00:00
LiquidWorm
packetstormsecurity.com
42
JSON
`  
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Hidden Features  
  
  
Vendor: Microhard Systems Inc.  
Product web page: http://www.microhardcorp.com  
Affected version: IPn4G 1.1.0 build 1098  
IPn3Gb 2.2.0 build 2160  
IPn4Gb 1.1.6 build 1184-14  
IPn4Gb 1.1.0 Rev 2 build 1090-2  
IPn4Gb 1.1.0 Rev 2 build 1086  
Bullet-3G 1.2.0 Rev A build 1032  
VIP4Gb 1.1.6 build 1204  
VIP4G 1.1.6 Rev 3.0 build 1184-14  
VIP4G-WiFi-N 1.1.6 Rev 2.0.0 build 1196  
IPn3Gii / Bullet-3G 1.2.0 build 1076  
IPn4Gii / Bullet-LTE 1.2.0 build 1078  
BulletPlus 1.3.0 build 1036  
Dragon-LTE 1.1.0 build 1036  
  
Summary: The new IPn4Gb provides a rugged, industrial strength wireless solution  
using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb  
features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control  
Lists. The IPn4Gb can transport critical data to and from SMS, Ethernet and Serial  
RS232/485/422 devices!  
  
The IPn3Gb provides a fast, secure industrial strength wireless solution that uses  
the widespread deployment of cellular network infrastructure for critical data collection.  
From remote meters and sensors, to providing mobile network access, the IPn3Gb delivers!  
The IPn3Gb is a powerful HSPA+ and Quad Band GSM device compatible almost anywhere. It  
provides robust and secure wireless communication of Serial, USB and Ethernet data.  
  
The all new Bullet-3G provides a compact, robust, feature packed industrial strength  
wireless solution using fast 3G/HSPA+ network infrastructure. The Bullet-3G takes things  
to the next level by providing features such as Ethernet with PoE, RS232 Serial port  
and 2x Programmable I/O. Offering enhanced, 'Secure Communication' with its integrated  
Firewall, IPSec VPN Tunneling, IP/MAC Access Control Lists, the Bullet-3G is a solution  
worth looking at!  
  
The all new Dragon-LTE provides a feature packed, compact OEM, industrial strength  
wireless IoT & M2M solution. Connect any device, wired or wireless, and provide remote  
cellular access using the Dragon-LTE. The Dragon-LTE features a OEM design for tight  
system integration and design flexibility with dual Ethernet Ports and high power  
802.11b/g/n WIFI. With its integrated Firewall, IPSec VPN Tunneling and IP/MAC Access  
Control Lists, the Dragon-LTE provides a solution for any cellular application!  
  
The new VIP4Gb provides a rugged, industrial strength wireless solution using 4G LTE  
network infrastructure for critical data communications. The VIP4Gb provides simultaneous  
network connections for 802.11a/b/g/n WiFi devices, 4 x 10/100/1000 Ethernet ports, Digital  
I/O, and a RS232/RS485 port, resulting in a communication device that can be deployed in  
any application! The VIP4Gb is a powerful 4G LTE device compatible on any cellular network.  
It provides robust and secure wireless communication of Serial, Ethernet & WiFi data.  
  
Desc: Plenty of undocumented and hidden features are present via the web management interface.  
These features allow an authenticated attacker to take full control of the device and/or modify  
internal OS settings, read arbitrary files or even render the device unusable.  
  
Tested on: httpd-ssl-1.0.0  
Linux 2.6.32.9 (Bin@DProBuilder) (gcc version 4.4.3)  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2018-5482  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5482.php  
  
  
13.03.2018  
  
--  
  
  
http://192.168.1.1/cgi-bin/webif/conf-bclc.sh - BCLC Configuration  
http://192.168.1.1/cgi-bin/webif/coova-chilli.sh - hotspot configuration  
http://192.168.1.1/cgi-bin/webif/hardware.sh - info hardware device model  
http://192.168.1.1/cgi-bin/webif/info-about.sh - vip 2.0 scrolling info  
http://192.168.1.1/cgi-bin/webif/info-notes.sh - notes (between adminz?)  
http://192.168.1.1/cgi-bin/webif/ipsec.sh - ipsec tool  
Usage: http://192.168.1.1/cgi-bin/webif/ipsec.sh?cmd=listall|status|enable-debug|disable-debug|cat-secrets|syslog|cat-conf|gre-tunnel|vpnlog   
http://192.168.1.1/cgi-bin/webif/ipsec.sh?cmd=syslog i tako dalje.  
http://192.168.1.1/cgi-bin/webif/log-browse.sh - netfilter log  
http://192.168.1.1/cgi-bin/webif/log-dmesg.sh - kernel ring buffer dmesg log, linux version i DMESG related shit.  
http://192.168.1.1/cgi-bin/webif/log-read.sh - syslog messages  
http://192.168.1.1/cgi-bin/webif/log-setup.sh - log settings (remote, local, kernel log, boot time log)  
http://192.168.1.1/cgi-bin/webif/mcast.sh - multicast configuration  
http://192.168.1.1/cgi-bin/webif/module-forceLN930upgrade.sh - ln930 upgrade forceably  
http://192.168.1.1/cgi-bin/webif/network-ddns.sh - DynDNS settings  
http://192.168.1.1/cgi-bin/webif/network-firewall.sh - Firewall configuration (more options than the documented firewall config page)  
http://192.168.1.1/cgi-bin/webif/network-gre.sh - add new tunnel override gre-summary  
http://192.168.1.1/cgi-bin/webif/network-hosts.sh - Configured hosts, add/remove hosts in /etc/hosts file.  
http://192.168.1.1/cgi-bin/webif/module-upgrade.sh - module upgrade module firmware upgrade  
http://192.168.1.1/cgi-bin/webif/network-misc.sh - networking tweaks, max conns, timeout, icmp timeout, udp stream timeout, etc.  
http://192.168.1.1/cgi-bin/webif/network-mroutes.sh - routes configuration, static, dynamic, summary  
http://192.168.1.1/cgi-bin/webif/network-qos.sh - QoS configuration, qos packages to install  
http://192.168.1.1/cgi-bin/webif/network-routes.sh - more routes info and edit page  
http://192.168.1.1/cgi-bin/webif/network-services.sh - UPnP configuration, miniupnd install and linuxigd install daemons  
http://192.168.1.1/cgi-bin/webif/network-vlan.sh - network VLANs configuration  
http://192.168.1.1/cgi-bin/webif/network-wakeonlan.sh - Wake-On-LAN  
http://192.168.1.1/cgi-bin/webif/network-wan.sh - network wan configuration  
http://192.168.1.1/cgi-bin/webif/network-wlan.sh - wireless configuration  
http://192.168.1.1/cgi-bin/webif/ptcheck.sh - Production Check Process, model info, voltage, version bla bla  
http://192.168.1.1/cgi-bin/webif/qos-class.sh - QoS class configuration, mode, wan/lan port  
http://192.168.1.1/cgi-bin/webif/qos-global.sh - qos global config  
http://192.168.1.1/cgi-bin/webif/qos-local.sh - qos local config  
http://192.168.1.1/cgi-bin/webif/qos-status.sh - qos statistics (qos mode is disabled ima poruka :P)  
http://192.168.1.1/cgi-bin/webif/radioip.sh - NanoIP Radio Configuration  
http://192.168.1.1/cgi-bin/webif/status-asterisk.sh - Asterisk Simple Management (install asterisk packages)  
http://192.168.1.1/cgi-bin/webif/status-basic.sh - device status, ram usage, tracked connections  
http://192.168.1.1/cgi-bin/webif/status-conntrackread.sh - contrack table from status-basic.sh ;]  
http://192.168.1.1/cgi-bin/webif/status-connection.sh - netstat info  
http://192.168.1.1/cgi-bin/webif/status-crontabs.sh - Cron Tables list  
http://192.168.1.1/cgi-bin/webif/status-interfaces.sh - network interfaces, wan, lan  
http://192.168.1.1/cgi-bin/webif/status-iperf.sh - iperf network performance measurement tool (application/transport layer)  
http://192.168.1.1/cgi-bin/webif/status-iptables.sh - iptables status details  
http://192.168.1.1/cgi-bin/webif/status-leases.sh - dhcp leases  
http://192.168.1.1/cgi-bin/webif/status-modules.sh - loaded kernel modules  
http://192.168.1.1/cgi-bin/webif/status-pppoe.sh - PPPoE status, connect, disconnect, reconnect, etc.  
http://192.168.1.1/cgi-bin/webif/status-processes.sh - running processes, once clicked stop refreshing, you have a chance to choose which process to send which signal from 31 signals.  
http://192.168.1.1/cgi-bin/webif/status-qos.sh - qos stats  
http://192.168.1.1/cgi-bin/webif/status-usb.sh - USB devices list  
http://192.168.1.1/cgi-bin/webif/system-ipkg.sh - Packages add repository, uninstall binaries.  
http://192.168.1.1/cgi-bin/webif/system-confman.sh - Backup and Restore, reset VIP421.config file  
http://192.168.1.1/cgi-bin/webif/system-crontabs.sh - crontab configuration, edit, add, remove jobs  
http://192.168.1.1/cgi-bin/webif/system-editor.sh - file editor, view, delete, modify any file  
http://192.168.1.1/cgi-bin/webif/system-mount.sh - mountpoints, create, remove, modify  
http://192.168.1.1/cgi-bin/webif/system-services.sh - available services, telnet, ssh, ftp, auto, enable, disable, port change.  
http://192.168.1.1/cgi-bin/webif/system-snmp.sh - SNMP settings, community name, v3 auth pass, trap name  
http://192.168.1.1/cgi-bin/webif/system-startup.sh - system startup, /etc/init.d/custom-user-startup file /etc/rc.common i tako dalje  
http://192.168.1.1/cgi-bin/webif/tools-iperf.sh - uperf network performance measurement tool  
http://192.168.1.1/cgi-bin/webif/tools-log-browser.sh - netfilter log  
http://192.168.1.1/cgi-bin/webif/tools-wlan-rxonlymode.sh - WLAN Rx Only Mode Configuration  
http://192.168.1.1/cgi-bin/webif/verizon.sh - Verizon Test Page, modify CGDCONT to test, Resume CGDCONT  
`
JSON