Vulners
Lucene search
Tenda N3 Wireless N150 Home Router - Authentication Bypass Vulnerability
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | CVE-2015-5995 | 3 Sep 201500:00 | – | circl |
 | Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N Security Bypass Vulnerability | 20 Sep 201500:00 | – | cnvd |
 | CVE-2015-5995 | 31 Dec 201502:00 | – | cve |
 | CVE-2015-5995 | 31 Dec 201502:00 | – | cvelist |
 | Tenda N3 Wireless N150 Router - Authentication Bypass | 3 Sep 201500:00 | – | exploitdb |
 | Tenda N3 Wireless N150 Router - Authentication Bypass | 3 Sep 201500:00 | – | exploitpack |
 | CVE-2015-5995 | 31 Dec 201505:59 | – | nvd |
 | Design/Logic Flaw | 31 Dec 201505:59 | – | prion |
 | Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilities | 3 Sep 201500:00 | – | cert |
# Exploit Title: Complete Authentication Bypass In Tenda N3 Wireless N150 Routers
# Date: 03-09-2015
# Software Link: http://tendacn.com/en/product/N150.html
# Exploit Author: Mandeep Jadon
# Contact: http://twitter.com/1337tr0lls
# Website: http://twitter.com/1337tr0lls
# CVE: CVE-2015-5995
# Category: Device
Description:
The router (AP) is using very poor authentication mechanism . It uses a
static cookie to verify the incoming authentication. After careful
inspection it was found that the cookie used were same for any number of
authentication by the Admin .
Thus the cookie can be easily forged and the admin account could be
compromised without supplying the credentials .
Proof Of Concept:
Inject the following cookie in the browser with the given values :
admin:language : en
Reload the page . You are logged into the admin account .
Video POC : https://www.youtube.com/watch?v=dvF-7KK0g6E
Mitigation :
Use: a secure authentication mechanism consisting of random , complex
cookies .
References :
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5995
https://www.kb.cert.org/vuls/id/630872
# 0day.today [2018-03-12] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Feb 2017 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.38203