Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

TrendNet AUTHORIZED_GROUP Information Disclosure Vulnerability

🗓️ 14 Feb 2018 00:00:00Reported by SecuriTeamType 
zdt
 zdt🔗 0day.today👁 32 Views

TrendNet routers AUTHORIZED_GROUP Information Disclosure Vulnerabilit

Code
TrendNet AUTHORIZED_GROUP Information Disclosure

Full report: https://blogs.securiteam.com/index.php/archives/3627
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerability Summary
The following advisory describes an information disclosure found in the
following TrendNet routers:

 * TEW-751DR – v1.03B03
 * TEW-752DRU – v1.03B01
 * TEW733GR – v1.03B01

TRENDnet’s “N600 Dual Band Wireless Router, model TEW-751DR, offers proven
concurrent Dual Band 300 Mbps Wireless N networking. Embedded GREENnet
technology reduces power consumption by up to 50%. For your convenience
this router comes pre-encrypted and features guest networks. Seamlessly
stream HD video with this powerful router.”

Credit
An independent security researcher has reported this vulnerability to
Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Several attempts to email TrendNet went unanswered, we have no idea what is
the status of a fix or availability of a workaround.

Vulnerability details
When an Admin is log-in to one of the mentioned TrendNet routers – it will
trigger the global variable: $AUTHORIZED_GROUP >= 1.

An attacker can use this global variable to bypass security checks and use
it to read arbitrary files.

Proof of Concept
$ curl -d "SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1" "http://
[IP]/getcfg.php"

#  0day.today [2018-04-01]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
14 Feb 2018 00:00Current
trendnet routersinformation disclosureauthorized_groupvulnerabilitysecurity researcherbeyond securitysecuriteam secure disclosure programadmin loginglobal variablebypass security checksproof of concept
32