Malicious File Upload- Intex Router N-150 | CVE-2018-12528
By- Navina Asrani Hi Readers, Recently while tinkering with my wifi router, I was curious to find if it has possible loopholes and vulnerabilities. Curious to explore its functionalities, I started probing with the options. Title of the Vulnerability: Malicious File Upload Vulnerability Class: Firmware Compromise/ File Upload Technical Details & Description: The firmware allows malicious files to be uploaded without any checking of extensions and allows filed to be uploaded. CVE ID allocated: - CVE-2018-12528 Product & Service Introduction: InteX Router Steps to Re-Produce – 1. Visit the application 2. Go to the advanced settings post login 3. Under backup- restore page upload any random file extension and hit go. 4. Upon the file being upload, the firmware will get rebooted acceptin...