bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/43402.txt
Offensive Security 267f841bd8 DB: 2017-12-28 
9 changes to exploits/shellcodes

Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service
SysGauge Server 3.6.18 - Denial of Service
ALLMediaServer 0.95 - Buffer Overflow

Sony Playstation 4 4.05 FW - Local Kernel Loader
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
Easy!Appointments 1.2.1 - Cross-Site Scripting
Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery
Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure
DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download
2017-12-28 05:02:19 +00:00

53 lines
No EOL
2.6 KiB
Text
Raw Blame History

Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference Info Leak
Vendor: Telesquare Co., Ltd.
Product web page: http://www.telesquare.co.kr
Affected version: FwVer: SDT-CS3B1, sw version 1.2.0
LteVer: ML300S5XEA41_090 1 0.1.0
Modem model: PM-L300S
Summary: We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G
LTE wireless communication based LTE router product.
Desc: Insecure direct object references occur when an application
provides direct access to objects based on user-supplied input. As
a result of this vulnerability attackers can bypass authorization
and access resources and functionalities in the system.
Tested on: lighttpd/1.4.20
Linux mips
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2017-5445
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5445.php
22.12.2017
--
/home.html << Version and status info leak (firmware, device, type, modem, lte)
/index.html << Version and status info leak (firmware, device, type, modem, lte)
/nas/smbsrv.shtml << Samba server settings (workgroup, netbios name)
/nas/ftpsrv.shtml << FTP settings
/wifi2g/basic.shtml << Wireless settings
/admin/status.shtml << Access point status info leak
/internet/wan.shtml << WAN settings info leak (wanip, subnet, gateway, macaddr, lteipaddr, dns)
/internet/lan.shtml << LAN settings info leak (dhcpip, lanip, macaddr, gateway, subnet, dns)
/admin/statistic.shtml << System statistics info leak
/admin/management.shtml << System management (account settings, ntp settings, ddns settings)
/serial/serial_direct.shtml << Direct serial settings (network connection settings, serverip, port)
/admin/system_command.shtml << System command interface
/internet/dhcpcliinfo.shtml << DHCP Clients info leak (hostname, macaddr, ipaddr)
/admin/upload_firmware.shtml << Router firmware and lte firmware upgrade
/firewall/vpn_futuresystem.shtml << VPN settings (udp packet transfer, icmp check)
/cgi-bin/lte.cgi?Command=getUiccState << GetUiccState()
/cgi-bin/lte.cgi?Command=getModemStatus << Modem status info leak
/cgi-bin/systemutil.cgi?Command=SystemInfo << System info leak
Reference in a new issue View git blame Copy permalink