ID
VAR-E-201703-0271
CVE
| cve_id: | CVE-2017-6896 | Trust: 1.5 |
EDB ID
41633
TITLE
DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation. CVE-2017-6896 . webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | digisol | model: | dg-hr1400 wireless router | scope: | eq | version: | 1.00.02 | Trust: 2.2 |
| vendor: | digisol | model: | dg-hr1400 | scope: | eq | version: | 1.00.02 | Trust: 0.5 |
EXPLOIT
Title:
======
Cookie based privilege escalation in DIGISOL DG-HR1400 1.00.02 wireless router.
CVE Details:
============
CVE-2017-6896
Reference:
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6896
https://vuldb.com/sv/?id.97954
https://www.indrajithan.com/DIGISOL_router_previlage_escaltion
Credit:
======
Name: Indrajith.A.N
Website: https://www.indrajithan.com
Date:
====
13-03-2017
Vendor:
======
DIGISOL router is a product of Smartlink Network Systems Ltd. is one of India's leading networking company. It was established in the year 1993 to prop the Indian market in the field of Network Infrastructure.
Product:
=======
DIGISOL DG-HR1400 is a wireless Router
Product link: http://wifi.digisol.com/datasheets/DG-HR1400.pdf
Abstract details:
=================
privilege escalation vulnerability in the DIGISOL DG-HR1400 wireless router enables an attacker escalate his user privilege to an admin just by modifying the Base64encoded session cookie value
Affected Version:
=============
<=1.00.02
Exploitation-Technique:
===================
Remote
Severity Rating:
===================
8
Proof Of Concept :
==================
1) Login to the router as a User where router sets the session cookie value to VVNFUg== (Base64 encode of "USER")
2) So Encode "ADMIN" to base64 and force set the session cookie value to QURNSU4=
3) Refresh the page and you are able to escalate your USER privileges to ADMIN.
Disclosure Timeline:
======================================
Vendor Notification: 13/03/17
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Privilege Escalation
Trust: 1.6
TAGS
| tag: | exploit | Trust: 0.5 |
CREDITS
Indrajith.A.N
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-6896 | Trust: 3.3 |
| db: | VULDB | id: | 97954 | Trust: 3.3 |
| db: | EXPLOIT-DB | id: | 41633 | Trust: 1.6 |
| db: | 0DAYTODAY | id: | 27347 | Trust: 0.6 |
| db: | EDBNET | id: | 92039 | Trust: 0.6 |
| db: | EDBNET | id: | 92077 | Trust: 0.6 |
| db: | EDBNET | id: | 92003 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 141693 | Trust: 0.5 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-6896 | Trust: 1.5 |
| url: | https://0day.today/exploits/27347 | Trust: 0.6 |
| url: | https://www.intelligentexploit.com | Trust: 0.6 |
| url: | https://www.exploit-db.com/exploits/41633/ | Trust: 0.6 |
SOURCES
| db: | PACKETSTORM | id: | 141693 |
| db: | EXPLOIT-DB | id: | 41633 |
| db: | EDBNET | id: | 92039 |
| db: | EDBNET | id: | 92077 |
| db: | EDBNET | id: | 92003 |
LAST UPDATE DATE
2022-07-27T09:42:26.130000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 141693 | date: | 2017-03-20T03:33:33 |
| db: | EXPLOIT-DB | id: | 41633 | date: | 2017-03-18T00:00:00 |
| db: | EDBNET | id: | 92039 | date: | 2017-03-20T00:00:00 |
| db: | EDBNET | id: | 92077 | date: | 2017-03-21T00:00:00 |
| db: | EDBNET | id: | 92003 | date: | 2017-03-19T00:00:00 |