exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

DIGISOL DG-HR1400 1.00.02 Privilege Escalation

DIGISOL DG-HR1400 1.00.02 Privilege Escalation
Posted Mar 20, 2017
Authored by Indrajith A.N

DIGISOL DG-HR1400 wireless router version 1.00.02 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2017-6896
SHA-256 | 5e52614e0bcb8caab5bff1218a8c104a19f4d4c0eb1c69cab062ce57672bd288

DIGISOL DG-HR1400 1.00.02 Privilege Escalation

Change Mirror Download
Title:
======

Cookie based privilege escalation in DIGISOL DG-HR1400 1.00.02 wireless router.

CVE Details:
============
CVE-2017-6896

Reference:
==========

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6896
https://vuldb.com/sv/?id.97954
https://www.indrajithan.com/DIGISOL_router_previlage_escaltion


Credit:
======

Name: Indrajith.A.N
Website: https://www.indrajithan.com

Date:
====

13-03-2017

Vendor:
======

DIGISOL router is a product of Smartlink Network Systems Ltd. is one of India's leading networking company. It was established in the year 1993 to prop the Indian market in the field of Network Infrastructure.

Product:
=======

DIGISOL DG-HR1400 is a wireless Router


Product link: http://wifi.digisol.com/datasheets/DG-HR1400.pdf

Abstract details:
=================

privilege escalation vulnerability in the DIGISOL DG-HR1400 wireless router enables an attacker escalate his user privilege to an admin just by modifying the Base64encoded session cookie value

Affected Version:
=============

<=1.00.02


Exploitation-Technique:
===================

Remote


Severity Rating:
===================

8


Proof Of Concept :
==================

1) Login to the router as a User where router sets the session cookie value to VVNFUg== (Base64 encode of "USER")
2) So Encode "ADMIN" to base64 and force set the session cookie value to QURNSU4=
3) Refresh the page and you are able to escalate your USER privileges to ADMIN.


Disclosure Timeline:
======================================
Vendor Notification: 13/03/17

Login or Register to add favorites

File Archive:

May 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    16 Files
  • 3
    May 3rd
    38 Files
  • 4
    May 4th
    15 Files
  • 5
    May 5th
    35 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    8 Files
  • 9
    May 9th
    66 Files
  • 10
    May 10th
    19 Files
  • 11
    May 11th
    27 Files
  • 12
    May 12th
    8 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    1 Files
  • 15
    May 15th
    19 Files
  • 16
    May 16th
    66 Files
  • 17
    May 17th
    28 Files
  • 18
    May 18th
    32 Files
  • 19
    May 19th
    13 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close