Geneko Routers Information Disclosure

2017-10-24T00:00:00
ID SSV:96775
Type seebug
Reporter Root
Modified 2017-10-24T00:00:00

Description

Vulnerability Summary

The following advisory describes an information disclosure vulnerability found in Geneko Routers version 3.18.21

Geneko GWG is “compact and cost effective communications solution that provides cellular capabilities for fixed and mobile applications such as data acquisition, smart metering, remote monitoring and management. GWG supports a variety of radio bands options on 2G, 3G and 4G cellular technologies.”

Credit

An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response

We tried to contact Geneko since August 2 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities.

Vulnerability Details

If the administrator has previously backed up the configuration file, then the attacker can access

https://IP/configuration/confFile.bkg

And get the configuration file with the admin password.