what you don't know can hurt you

Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Hidden Features

Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Hidden Features
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have undocumented and hidden features present via the web management interface. These features allow an authenticated attacker to take full control of the device and/or modify internal OS settings, read arbitrary files or even render the device unusable. Many versions are affected.

tags | exploit, web, arbitrary
MD5 | 4a92f4d86bb220e897be6dc5df1fa026

Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Hidden Features

Change Mirror Download

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Hidden Features


Vendor: Microhard Systems Inc.
Product web page: http://www.microhardcorp.com
Affected version: IPn4G 1.1.0 build 1098
IPn3Gb 2.2.0 build 2160
IPn4Gb 1.1.6 build 1184-14
IPn4Gb 1.1.0 Rev 2 build 1090-2
IPn4Gb 1.1.0 Rev 2 build 1086
Bullet-3G 1.2.0 Rev A build 1032
VIP4Gb 1.1.6 build 1204
VIP4G 1.1.6 Rev 3.0 build 1184-14
VIP4G-WiFi-N 1.1.6 Rev 2.0.0 build 1196
IPn3Gii / Bullet-3G 1.2.0 build 1076
IPn4Gii / Bullet-LTE 1.2.0 build 1078
BulletPlus 1.3.0 build 1036
Dragon-LTE 1.1.0 build 1036

Summary: The new IPn4Gb provides a rugged, industrial strength wireless solution
using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb
features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control
Lists. The IPn4Gb can transport critical data to and from SMS, Ethernet and Serial
RS232/485/422 devices!

The IPn3Gb provides a fast, secure industrial strength wireless solution that uses
the widespread deployment of cellular network infrastructure for critical data collection.
From remote meters and sensors, to providing mobile network access, the IPn3Gb delivers!
The IPn3Gb is a powerful HSPA+ and Quad Band GSM device compatible almost anywhere. It
provides robust and secure wireless communication of Serial, USB and Ethernet data.

The all new Bullet-3G provides a compact, robust, feature packed industrial strength
wireless solution using fast 3G/HSPA+ network infrastructure. The Bullet-3G takes things
to the next level by providing features such as Ethernet with PoE, RS232 Serial port
and 2x Programmable I/O. Offering enhanced, 'Secure Communication' with its integrated
Firewall, IPSec VPN Tunneling, IP/MAC Access Control Lists, the Bullet-3G is a solution
worth looking at!

The all new Dragon-LTE provides a feature packed, compact OEM, industrial strength
wireless IoT & M2M solution. Connect any device, wired or wireless, and provide remote
cellular access using the Dragon-LTE. The Dragon-LTE features a OEM design for tight
system integration and design flexibility with dual Ethernet Ports and high power
802.11b/g/n WIFI. With its integrated Firewall, IPSec VPN Tunneling and IP/MAC Access
Control Lists, the Dragon-LTE provides a solution for any cellular application!

The new VIP4Gb provides a rugged, industrial strength wireless solution using 4G LTE
network infrastructure for critical data communications. The VIP4Gb provides simultaneous
network connections for 802.11a/b/g/n WiFi devices, 4 x 10/100/1000 Ethernet ports, Digital
I/O, and a RS232/RS485 port, resulting in a communication device that can be deployed in
any application! The VIP4Gb is a powerful 4G LTE device compatible on any cellular network.
It provides robust and secure wireless communication of Serial, Ethernet & WiFi data.

Desc: Plenty of undocumented and hidden features are present via the web management interface.
These features allow an authenticated attacker to take full control of the device and/or modify
internal OS settings, read arbitrary files or even render the device unusable.

Tested on: httpd-ssl-1.0.0
Linux 2.6.32.9 (Bin@DProBuilder) (gcc version 4.4.3)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2018-5482
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5482.php


13.03.2018

--


http://192.168.1.1/cgi-bin/webif/conf-bclc.sh - BCLC Configuration
http://192.168.1.1/cgi-bin/webif/coova-chilli.sh - hotspot configuration
http://192.168.1.1/cgi-bin/webif/hardware.sh - info hardware device model
http://192.168.1.1/cgi-bin/webif/info-about.sh - vip 2.0 scrolling info
http://192.168.1.1/cgi-bin/webif/info-notes.sh - notes (between adminz?)
http://192.168.1.1/cgi-bin/webif/ipsec.sh - ipsec tool
Usage: http://192.168.1.1/cgi-bin/webif/ipsec.sh?cmd=listall|status|enable-debug|disable-debug|cat-secrets|syslog|cat-conf|gre-tunnel|vpnlog
http://192.168.1.1/cgi-bin/webif/ipsec.sh?cmd=syslog i tako dalje.
http://192.168.1.1/cgi-bin/webif/log-browse.sh - netfilter log
http://192.168.1.1/cgi-bin/webif/log-dmesg.sh - kernel ring buffer dmesg log, linux version i DMESG related shit.
http://192.168.1.1/cgi-bin/webif/log-read.sh - syslog messages
http://192.168.1.1/cgi-bin/webif/log-setup.sh - log settings (remote, local, kernel log, boot time log)
http://192.168.1.1/cgi-bin/webif/mcast.sh - multicast configuration
http://192.168.1.1/cgi-bin/webif/module-forceLN930upgrade.sh - ln930 upgrade forceably
http://192.168.1.1/cgi-bin/webif/network-ddns.sh - DynDNS settings
http://192.168.1.1/cgi-bin/webif/network-firewall.sh - Firewall configuration (more options than the documented firewall config page)
http://192.168.1.1/cgi-bin/webif/network-gre.sh - add new tunnel override gre-summary
http://192.168.1.1/cgi-bin/webif/network-hosts.sh - Configured hosts, add/remove hosts in /etc/hosts file.
http://192.168.1.1/cgi-bin/webif/module-upgrade.sh - module upgrade module firmware upgrade
http://192.168.1.1/cgi-bin/webif/network-misc.sh - networking tweaks, max conns, timeout, icmp timeout, udp stream timeout, etc.
http://192.168.1.1/cgi-bin/webif/network-mroutes.sh - routes configuration, static, dynamic, summary
http://192.168.1.1/cgi-bin/webif/network-qos.sh - QoS configuration, qos packages to install
http://192.168.1.1/cgi-bin/webif/network-routes.sh - more routes info and edit page
http://192.168.1.1/cgi-bin/webif/network-services.sh - UPnP configuration, miniupnd install and linuxigd install daemons
http://192.168.1.1/cgi-bin/webif/network-vlan.sh - network VLANs configuration
http://192.168.1.1/cgi-bin/webif/network-wakeonlan.sh - Wake-On-LAN
http://192.168.1.1/cgi-bin/webif/network-wan.sh - network wan configuration
http://192.168.1.1/cgi-bin/webif/network-wlan.sh - wireless configuration
http://192.168.1.1/cgi-bin/webif/ptcheck.sh - Production Check Process, model info, voltage, version bla bla
http://192.168.1.1/cgi-bin/webif/qos-class.sh - QoS class configuration, mode, wan/lan port
http://192.168.1.1/cgi-bin/webif/qos-global.sh - qos global config
http://192.168.1.1/cgi-bin/webif/qos-local.sh - qos local config
http://192.168.1.1/cgi-bin/webif/qos-status.sh - qos statistics (qos mode is disabled ima poruka :P)
http://192.168.1.1/cgi-bin/webif/radioip.sh - NanoIP Radio Configuration
http://192.168.1.1/cgi-bin/webif/status-asterisk.sh - Asterisk Simple Management (install asterisk packages)
http://192.168.1.1/cgi-bin/webif/status-basic.sh - device status, ram usage, tracked connections
http://192.168.1.1/cgi-bin/webif/status-conntrackread.sh - contrack table from status-basic.sh ;]
http://192.168.1.1/cgi-bin/webif/status-connection.sh - netstat info
http://192.168.1.1/cgi-bin/webif/status-crontabs.sh - Cron Tables list
http://192.168.1.1/cgi-bin/webif/status-interfaces.sh - network interfaces, wan, lan
http://192.168.1.1/cgi-bin/webif/status-iperf.sh - iperf network performance measurement tool (application/transport layer)
http://192.168.1.1/cgi-bin/webif/status-iptables.sh - iptables status details
http://192.168.1.1/cgi-bin/webif/status-leases.sh - dhcp leases
http://192.168.1.1/cgi-bin/webif/status-modules.sh - loaded kernel modules
http://192.168.1.1/cgi-bin/webif/status-pppoe.sh - PPPoE status, connect, disconnect, reconnect, etc.
http://192.168.1.1/cgi-bin/webif/status-processes.sh - running processes, once clicked stop refreshing, you have a chance to choose which process to send which signal from 31 signals.
http://192.168.1.1/cgi-bin/webif/status-qos.sh - qos stats
http://192.168.1.1/cgi-bin/webif/status-usb.sh - USB devices list
http://192.168.1.1/cgi-bin/webif/system-ipkg.sh - Packages add repository, uninstall binaries.
http://192.168.1.1/cgi-bin/webif/system-confman.sh - Backup and Restore, reset VIP421.config file
http://192.168.1.1/cgi-bin/webif/system-crontabs.sh - crontab configuration, edit, add, remove jobs
http://192.168.1.1/cgi-bin/webif/system-editor.sh - file editor, view, delete, modify any file
http://192.168.1.1/cgi-bin/webif/system-mount.sh - mountpoints, create, remove, modify
http://192.168.1.1/cgi-bin/webif/system-services.sh - available services, telnet, ssh, ftp, auto, enable, disable, port change.
http://192.168.1.1/cgi-bin/webif/system-snmp.sh - SNMP settings, community name, v3 auth pass, trap name
http://192.168.1.1/cgi-bin/webif/system-startup.sh - system startup, /etc/init.d/custom-user-startup file /etc/rc.common i tako dalje
http://192.168.1.1/cgi-bin/webif/tools-iperf.sh - uperf network performance measurement tool
http://192.168.1.1/cgi-bin/webif/tools-log-browser.sh - netfilter log
http://192.168.1.1/cgi-bin/webif/tools-wlan-rxonlymode.sh - WLAN Rx Only Mode Configuration
http://192.168.1.1/cgi-bin/webif/verizon.sh - Verizon Test Page, modify CGDCONT to test, Resume CGDCONT

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    2 Files
  • 18
    Feb 18th
    27 Files
  • 19
    Feb 19th
    32 Files
  • 20
    Feb 20th
    7 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close