Exploits / Vulnerability Discovered : 2018-04-06 | Type : webapps | Platform : hardware
This exploit / vulnerability, Fiberhome VDSL2 modem HG 150UB authentication bypass, is for educational purposes only; if you use it, you do so at your own risk!
The vulnerability is a plain-text, hard-coded cookie. Using any
cookie manager extension, an attacker can bypass the login page by setting the
following master cookie.
Cookie: Name=0admin
Then access the homepage, which will no longer require authentication.
http://192.168.10.1/
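The flaw described above, modelled in Python next to a hardened session check. This is an added example, not the device's firmware or the advisory author's code; the function names, the `session` cookie name and the 15-minute timeout are assumptions.

```python
import secrets
import time

SESSION_TTL = 900  # seconds; assumed session lifetime


def vulnerable_is_authenticated(cookies):
    """Assumed model of the flaw: the cookie value is a fixed string, so any
    client that sets it is treated as logged in. No server state is checked."""
    return cookies.get("Name") == "0admin"


class SessionStore:
    """Hardened form: the cookie carries only a random token that the server
    issued after a successful login, remembers, expires and can revoke."""

    def __init__(self):
        self._sessions = {}  # token -> (username, expiry on monotonic clock)

    def login(self, username, password, check_password):
        # check_password is a hypothetical callback that verifies credentials.
        if not check_password(username, password):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = (username, time.monotonic() + SESSION_TTL)
        return token

    def is_authenticated(self, cookies):
        token = cookies.get("session", "")
        entry = self._sessions.get(token)
        if entry is None:
            return False  # unknown token, including any static value
        if entry[1] < time.monotonic():
            self._sessions.pop(token, None)  # expired: drop it
            return False
        return True

    def logout(self, cookies):
        # Revocation is server-side, so a replayed cookie stops working.
        self._sessions.pop(cookies.get("session", ""), None)
```
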
Due to improper session implementation, there is another way to bypass
login. The response header of the homepage without authentication looks like
this.
<html>
<head>
.. continue to actual homepage source
The response header looks totally messed up; intercepting it with Burp Suite
and modifying it to the following will grant access to the homepage without
authentication.