An attacker can use this list of 30 words along with a random 2 digit number to brute force their access onto a router's guest network.Īn issue was discovered on Linksys WRT1900ACS 1.66 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.66/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker to identify possible passwords that the system uses to set the default guest network password. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction.Īn issue was discovered on Linksys WRT1900ACS 1.66 devices. A user who has access to the web interface of the device can extract these secrets. This web page is visible when remote management is enabled. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This issue affects: Linksys MR8300 Router 1.0. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, downloading an arbitrary script file, and eventually executing the file in the device.
By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands.
Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service.
0 kommentar(er)
