[FD] Cookie based privilege escalation in DIGISOL DG-HR1400 1.00.02 wireless router.
The DIGISOL router is a product of Smartlink Network Systems Ltd., one
of India's leading networking companies. It was established in the year
1993 to prop the Indian market in the field of network infrastructure.
The DIGISOL DG-HR1400 is a wireless router.
Product link: http://wifi.digisol.com/datasheets/DG-HR1400.pdf
A privilege escalation vulnerability in the DIGISOL DG-HR1400 wireless
router enables an attacker to escalate user privileges to admin
just by modifying the Base64-encoded session cookie value.
Proof Of Concept 1:
1) Log in to the router as a User; the router sets the session cookie
value to VVNFUg== (the Base64 encoding of "USER").
2) Encode "ADMIN" to Base64 and force set the session cookie value
3) Refresh the page and you are able to escalate your USER privileges to ADMIN.
Proof Of Concept 2:
Vendor Notification: 13/03/17
Sent through the Full Disclosure mailing list
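The flaw described above comes from the server reading the role out of a cookie the client controls. The following added example (not part of the original advisory and not the router's firmware code) contrasts that pattern with a server-side session table; the names `role_from_cookie_insecure` and `SessionStore` are hypothetical.

```python
import base64
import binascii
import secrets
import time

ROLES = {"USER", "ADMIN"}


def role_from_cookie_insecure(cookie):
    """Pattern from the advisory: the cookie is just Base64 of the role name,
    so the server ends up trusting a value the client fully controls."""
    try:
        role = base64.b64decode(cookie, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return role if role in ROLES else None


class SessionStore:
    """Hardened form: the cookie is an opaque random id; the role stays on the server."""

    def __init__(self, ttl_seconds=900):
        self._ttl = ttl_seconds
        self._sessions = {}  # session id -> (role, expiry time)

    def login(self, role, now=None):
        """Call only after the password check succeeded; returns the cookie value."""
        if role not in ROLES:
            raise ValueError("unknown role")
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = (role, now + self._ttl)
        return sid

    def role_for(self, cookie, now=None):
        """Return the role bound to this session, or None if unknown or expired."""
        now = time.time() if now is None else now
        entry = self._sessions.get(cookie)
        if entry is None:
            return None
        role, expires = entry
        if now >= expires:
            del self._sessions[cookie]
            return None
        return role
```

With the session table, a cookie that merely encodes a role name matches no issued session id and is treated as unauthenticated.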