COVR 3902 1.01B0 Hardcoded Credentials – CXSecurity.com

漏洞ID 2147999 漏洞类型
发布时间 2020-09-07 更新时间 2020-09-07
CVE编号 CVE-2018-20432

CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
漏洞来源
https://cxsecurity.coq x Y 3 t =m/issue/WLB-2020090035
漏洞详情
漏洞细节尚未披露
漏洞EXP
*Title*: Telnet Hardcoded Credentials
*SF Y Bummary*:  The latestp N - # 7 + ^ versions of the firmware have hardcoded default
credentials that can be exploiC & Q c w T G k Uted by an unauthenticated attacker to gain
privileged access to the firmware and to extract sensitive data
*Affected Firmware:*  COVR-3902_REVA_ROUTER_FIRMWARE_v1.01B0
*CVE7 c Y:* CVE-2018-20432
*Proof of Concept: *
Step 1: “cat ./etc/init0.d/S80tea M N + 3 Z Rlnetd.sh” to get a usernamC V A T F {e
Step 2:  “cat ./etc/config/image_sign” to get a password.
Usernae W H V C x t F Tme: Alpl Q / E Nhanetworks
Password: wrgac61_dlink.2N ( + @015_dir883
-- l w j---------
Cheers !!!
Team CSW Research Lab <http://www.cybersecurityworks.com&v T | lgt;