Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability

2010-03-11T00:00:00
ID SECURITYVULNS:DOC:23365
Type securityvulns
Reporter Securityvulns
Modified 2010-03-11T00:00:00

Description

========================================= Yaniv Miron aka "Lament" Advisory March 7, 2010 Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability =========================================

===================== I. BACKGROUND ===================== Based on the company’s technical expertise and a decade of hands-on experience in the telecom industry, Friendly’s solution is a ROBUST, SCALABLE, SECURED, TELCO GRADE and COST-EFFECTIVE TR-069 solution. The TR-069 protocol was accepted as the standard for CPE management by the DSL, WiMAX, NGN / Optical network providers (some Cable operators are deploying TR-069 as well).

Device Management & Auto Provisioning

Friendly’s TR-069 solution delivers comprehensive remote management and auto-provisioning of CPEs that support the TR-069 standard - including modem/routers, IPTV/ STBs, ATA/VoIP, storage devices, media centers, etc.

http://www.friendly-tech.com/remotemamagment.asp

===================== II. DESCRIPTION =====================

The Friendly-Tech FriendlyTR69 CPE Remote Management is prone to SQL injection attacks.

===================== III. ANALYSIS =====================

The vulnerability occurs due to insufficient sanitization of user-supplied data when logging onto the FriendlyTR69 CPE Remote Management.

Successful exploitation may result in an attacker obtaining admin access to the FriendlyTR69 CPE Remote Management.

===================== IV. EXPLOIT =====================

Username: ' or 1=1-- Password: ' or 1=1--

===================== V. DISCLOSURE TIMELINE =====================

Jan 2009 Vulnerability Found Jan 2009 Vendor Notification March 2010 Public Disclosure

===================== VI. CREDIT =====================

Yaniv Miron aka "Lament". lament@ilhack.org