Some DLink Routers are vulnerable to OS Command injection in the web interface. On DIR-645 versions prior 1.03 authentication isn't needed to exploit it. On version 1.03 authentication is needed in order to trigger the vulnerability, which has been fixed definitely on version 1.04. Other DLink products, like DIR-300 rev B and DIR-600, are also affected by this vulnerability. Not every device includes wget which we need for deploying our payload. On such devices you could use the cmd generic payload and try to start telnetd or execute other commands. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. This Metasploit module has been tested successfully on DIR-645 prior to 1.03, where authentication isn't needed in order to exploit the vulnerability.
f2ceeefd8dbcad542f7e425fc2a4629e678ed768c94c49906f4e9341a1042096Some Linksys Routers are vulnerable to an authenticated OS command injection in the Web Interface. Default credentials are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. The user must be prudent when using this module since it modifies the router configuration while exploitation, even when it tries to restore previous values.
842e633a501f723e29c147350b0f672da78b474050f74be28f55d1501d673b3cD-Link devices DIR-600 / DIR-300 revB / DIR-815 / DIR-645 / DIR-412 / DIR-456 / DIR-110 all suffer from a remote command injection vulnerability.
17eb6a8037069b38384464fb6033053265e37d9e03348a06ffc828a643e35041Some Netgear Routers are vulnerable to authenticated OS Command injection. The vulnerability exists in the web interface, specifically in the setup.cgi component, when handling the TimeToLive parameter. Default credentials are always a good starting point, admin/admin or admin/password could be a first try. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes.
623ce5343f36444ea84dd10286be202aa0da4fc1e9e606d5ba8d7544d69fb889Some Linksys Routers are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes.
b0afd45182320ce4cbe58cfbaef05397334c74a08e5a150118bf0469c6dc9d01Some Dream Boxes with OpenPLI version 3 beta images are vulnerable to OS command injection in the Webif 6.0.4 web interface. This is a blind injection, which means that you will not see any output of your command. A ping command can be used for testing the vulnerability. This Metasploit module has been tested in a box with the next features: Linux Kernel version 2.6.9 (build@plibouwserver) (gcc version 3.4.4) #1 Wed Aug 17 23:54:07 CEST 2011, Firmware release 1.1.0 (27.01.2013), FP Firmware 1.06 and Web Interface 6.0.4-Expert (PLi edition).
08146370ff7e87193e0ac650501ba578d139728fdb5da79083867c3d68983b6cNetgear DGN2200B suffers from remote command injection and cross site scripting vulnerabilities.
634264ce1a769f340ba92a3a358816a469ffa2e4015e8b04265695279dba696dThe Edimax EW-7206APg and EW-7209APg suffer from cross site scripting, HTTP header injection, and open redirection vulnerabilities.
caf5494f483d9fdfdddc161b8ffa759d8caa9aa9cf89ce0b6c0d0e843b783136The TP-Link TL-WA701N and TL-WA701ND suffer from stored cross site scripting and directory traversal vulnerabilities.
94e97a9978ccdf366f647fe8f6856515428f710579e8124bc4f97d8d7503a1d9Raidsonic versions IB-NAS5220 and IB-NAS4220-B suffer from authentication bypass and persistent cross site scripting vulnerabilities.
fe8f5e0eadcb9f646b6f562ce732f7187fcdd832bcb2a1a6a738e78ba597f151OpenPLI Dream Multimedia Box suffers from cross site scripting and remote OS command injection vulnerabilities.
f5d4feb4ba89383043e9c71ed9f5ca9c4929fef7a2cf63360283140f9e11618cLinksys E1500 and E2500 suffer from cross site request forgery, cross site scripting, remote command injection, and directory traversal vulnerabilities.
8f4ca31ed3ff1f131edf930a3e632c1433e475e164124e9a7516f54e7b1af180Linksys WRT160N suffers from cross site scripting, cross site request forgery, and remote command injection vulnerabilities.
39b1aacd1083769cd903e8b6c46c0bcef01ce5e97ca668800168ca3378fa2176D-Link DIR-615 rev H suffers from cross site request forgery, information disclosure, and remote command injection vulnerabilities.
41b970b21adea1850727bf853c7a64b9e73638cbc268a00e301d4a225d17b956Linksys WAG200G suffers from cross site scripting and remote command injection vulnerabilities.
2b6dddc567f756cb697c510a2e5bf2220a9fb207d776b1a3492dc2707810ea56The Netgear N150 Wireless ADSL2+ Modem Router DGN1000 suffers from cross site scripting, OS command injection, and insecure cryptographic storage vulnerabilities. Firmware versions 1.1.00.24 and 1.1.00.45 are affected.
dcec7c5cda6f10f1bbcd85f15e43d09cfdc1cbee7d31d660686584eb925c0e5cLinksys models E1500 and E2500 suffer from cross site request forgery, cross site scripting, OS command injection, and directory traversal vulnerabilities.
2190f55bd127ac7423c9c743f4167459612f148b992042f0bd75b4b858c6d942D-Link DIR-600 and DIR-300 suffer insecure cryptographic storage, remote command execution, information disclosure, and insecure password changing vulnerabilities.
0d610f0e7ac87b76802448b2ddefebf0a4f7d53a027f9b0de1b8a4e6d745c155Netgear SPH200D suffers from cross site scripting, path disclosure, and directory traversal vulnerabilities.
feb81bf5c98699eaaac241a0def910ecd684f41727637e5be8c37af1a136cd6aLinksys WRT54GL version 1.1 suffers from remote OS command injection and cross site scripting vulnerabilities.
c747a4881fe6f7e8e70cf9b1b6b621bdf6fad806004ab724ba2805579af13185Webby Webserver version 1.01 suffers from a buffer overflow vulnerability.
c1efddb1b13c33f48bca2724a4a2cd55dd316b60fd3c13ef1e71beab2ce48b4e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed