Search...

Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 Access Bypass Vulnerabilities

2016-10-25T00:00:00

ID 1337DAY-ID-26083
Type zdt
Reporter Nassim Asrir
Modified 2016-10-25T00:00:00

Description

Industrial Secure Routers versions EDR-G903, EDR-G902, and EDR-G903 allow for unauthenticated administrative access.

                                        
                                            Title: Industrial Secure Routers - Insecure Configuration Management
Type: Local/Remote
Author: Nassim Asrir
Author Company: HenceForth
Impact: Insecure Configuration Management
Risk: (4/5)
Release Date: 22.10.2016

Summary:
Moxa's EDR series industrial Gigabit-performance secure routers are designed to protect the control networks of critical facilities while maintaining fast data transmissions.
The EDR series security routers provides integrated cyber security solutions that combine industrial firewall, VPN, router, and L2 switching* functions into one product specifically 
designed for automation networks,which protects the integrity of remote access and critical devices.

description:

Using this Vulnerability we can change the Admin configuration without knowing Password & Username

Because the form for change the configurations is Insecure.

Vendor:
http://www.moxa.com/product/Industrial_Secure_Routers.htm

Affected Version:
EDR-810, EDR-G902 and EDR-G903

Tested On:
Linux // Dist (Bugtraq 2)

Vendor Status:
I told them and i wait for the answer.

PoC:
- when you navigate the server automatically you redirect to the login page (http://site/login.asp).

- so Just add in the end of URL (admin.htm) then you get the Form to change the Admin configurations.

Credits
Vulnerability discovered by Nassim Asrir  - &lt;[email protected]&gt;

#  0day.today [2018-02-02]  #

JSON Vulners Source

Initial Source

{"href": "https://0day.today/exploit/description/26083", "sourceData": "Title: Industrial Secure Routers - Insecure Configuration Management\r\nType: Local/Remote\r\nAuthor: Nassim Asrir\r\nAuthor Company: HenceForth\r\nImpact: Insecure Configuration Management\r\nRisk: (4/5)\r\nRelease Date: 22.10.2016\r\n\r\nSummary:\r\nMoxa's EDR series industrial Gigabit-performance secure routers are designed to protect the control networks of critical facilities while maintaining fast data transmissions.\r\nThe EDR series security routers provides integrated cyber security solutions that combine industrial firewall, VPN, router, and L2 switching* functions into one product specifically \r\ndesigned for automation networks,which protects the integrity of remote access and critical devices.\r\n\r\ndescription:\r\n\r\nUsing this Vulnerability we can change the Admin configuration without knowing Password & Username\r\n\r\nBecause the form for change the configurations is Insecure.\r\n\r\nVendor:\r\nhttp://www.moxa.com/product/Industrial_Secure_Routers.htm\r\n\r\nAffected Version:\r\nEDR-810, EDR-G902 and EDR-G903\r\n\r\nTested On:\r\nLinux // Dist (Bugtraq 2)\r\n\r\nVendor Status:\r\nI told them and i wait for the answer.\r\n\r\nPoC:\r\n- when you navigate the server automatically you redirect to the login page (http://site/login.asp).\r\n\r\n- so Just add in the end of URL (admin.htm) then you get the Form to change the Admin configurations.\r\n\r\nCredits\r\nVulnerability discovered by Nassim Asrir - <[email\u00a0protected]>\n\n# 0day.today [2018-02-02] #", "bulletinFamily": "exploit", "modified": "2016-10-25T00:00:00", "title": "Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 Access Bypass Vulnerabilities", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://0day.today/exploit/26083", "cvelist": [], "description": "Industrial Secure Routers versions EDR-G903, EDR-G902, and EDR-G903 allow for unauthenticated administrative access.", "viewCount": 6, "published": "2016-10-25T00:00:00", "edition": 1, "id": "1337DAY-ID-26083", "type": "zdt", "lastseen": "2018-02-02T03:14:38", "reporter": "Nassim Asrir", "enchantments": {"score": {"value": 1.3, "vector": "NONE", "modified": "2018-02-02T03:14:38", "rev": 2}, "dependencies": {"references": [], "modified": "2018-02-02T03:14:38", "rev": 2}, "vulnersScore": 1.3}, "references": []}