header-logo
Suggest Exploit
vendor:
N-150
by:
Samrat Das
7.5
CVSS
HIGH
Arbitrary File Upload
N/A
CWE
Product Name: N-150
Affected Version From: N-150
Affected Version To: N-150
Patch Exists: YES
Related CWE: N/A
CPE: h:intex:n-150
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows, Linux, Mac
2018

Intex Router N-150 – Arbitrary File Upload

The firmware allows malicious files to be uploaded without any checking of extensions and allows filed to be uploaded. To exploit, visit the application, go to the advanced settings post login, under backup- restore page upload any random file extension and hit go. Upon the file being upload, the firmware will get rebooted accepting the arbitrary file.

Mitigation:

The vendor has released a patch to fix this vulnerability.
Source

Exploit-DB raw data:

# Exploit Title:​​ Intex Router N-150 - Arbitrary File Upload
# Date: 2018-06-23
# Exploit Author: Samrat Das
# Version: N-150
# CVE : N/A
# Category: Router Firmware

# 1. Description
# The firmware allows malicious files to be uploaded without any checking of
# extensions and allows filed to be uploaded.

# 2. Proof of Concept

- Visit the application
- Go to the advanced settings post login
- Under backup- restore page upload any random file extension and hit go.
- Upon the file being upload, the firmware will get rebooted accepting the arbitrary file.

Navigation

Suggest Exploit

Services By CQR