38 lines
No EOL
1.3 KiB
Text
38 lines
No EOL
1.3 KiB
Text
Title: Industrial Secure Routers - Insecure Configuration Management
|
|
Type: Local/Remote
|
|
Author: Nassim Asrir
|
|
Author Company: HenceForth
|
|
Impact: Insecure Configuration Management
|
|
Risk: (4/5)
|
|
Release Date: 22.10.2016
|
|
|
|
Summary:
|
|
Moxa's EDR series industrial Gigabit-performance secure routers are designed to protect the control networks of critical facilities while maintaining fast data transmissions.
|
|
The EDR series security routers provides integrated cyber security solutions that combine industrial firewall, VPN, router, and L2 switching* functions into one product specifically
|
|
designed for automation networks,which protects the integrity of remote access and critical devices.
|
|
|
|
description:
|
|
|
|
Using this Vulnerability we can change the Admin configuration without knowing Password & Username
|
|
|
|
Because the form for change the configurations is Insecure.
|
|
|
|
Vendor:
|
|
http://www.moxa.com/product/Industrial_Secure_Routers.htm
|
|
|
|
Affected Version:
|
|
EDR-810, EDR-G902 and EDR-G903
|
|
|
|
Tested On:
|
|
Linux // Dist (Bugtraq 2)
|
|
|
|
Vendor Status:
|
|
I told them and i wait for the answer.
|
|
|
|
PoC:
|
|
- when you navigate the server automatically you redirect to the login page (http://site/login.asp).
|
|
|
|
- so Just add in the end of URL (admin.htm) then you get the Form to change the Admin configurations.
|
|
|
|
Credits
|
|
Vulnerability discovered by Nassim Asrir - <wassline@gmail.com> |