Posts

Showing posts from June 17, 2018

Malicious File Upload- Intex Router N-150 | CVE-2018-12528

By Navina Asrani

Hi Readers, Recently, while tinkering with my Wi-Fi router, I was curious to find if it has possible loopholes and vulnerabilities. Curious to explore its functionalities, I started probing with the options.

Title of the Vulnerability: Malicious File Upload
Vulnerability Class: Firmware Compromise / File Upload
Technical Details & Description: The firmware accepts uploaded files without checking their extensions, so malicious files can be uploaded.
CVE ID allocated: CVE-2018-12528
Product & Service Introduction: Intex Router

Steps to Reproduce:
1. Visit the application.
2. Go to the advanced settings after logging in.
3. On the backup-restore page, upload a file with any random extension and hit Go.
4. Once the file is uploaded, the firmware reboots, accepting the arbitrary file.

Exploitation Technique: An attacker can upload malicious files to compromise the firmware.

Severity

Cross Site Request Forgery- Intex Router N-150 | CVE-2018-12529

By Navina Asrani

Hi Readers, Recently, while tinkering with my Wi-Fi router, I was curious to find if it has possible loopholes and vulnerabilities. Curious to explore its functionalities, I started probing with the options.

Title of the Vulnerability: Cross Site Request Forgery
Vulnerability Class: Code Execution / Privilege Escalation
Technical Details & Description: The firmware executes requests without verifying their source. This allows arbitrary execution of a malicious request, which leads to the creation of a privileged user.
CVE ID allocated: CVE-2018-12529
Product & Service Introduction: Intex Router

Steps to Reproduce:
1. Visit the application.
2. Go to any router setting modification page and change the values, create a request and observe the lack of CSRF tokens.
3. Craft an HTML page with all the details for the built-in admin user creation and host it on a server