| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100310005217.5126.qmail@securityfocus.com> Date: 10 Mar 2010 00:52:17 -0000 From: lament@...ack.org To: bugtraq@...urityfocus.com Subject: Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability ========================================= Yaniv Miron aka "Lament" Advisory March 7, 2010 Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability ========================================= ===================== I. BACKGROUND ===================== Based on the company’s technical expertise and a decade of hands-on experience in the telecom industry, Friendly’s solution is a ROBUST, SCALABLE, SECURED, TELCO GRADE and COST-EFFECTIVE TR-069 solution. The TR-069 protocol was accepted as the standard for CPE management by the DSL, WiMAX, NGN / Optical network providers (some Cable operators are deploying TR-069 as well). Device Management & Auto Provisioning Friendly’s TR-069 solution delivers comprehensive remote management and auto-provisioning of CPEs that support the TR-069 standard - including modem/routers, IPTV/ STBs, ATA/VoIP, storage devices, media centers, etc. http://www.friendly-tech.com/remotemamagment.asp ===================== II. DESCRIPTION ===================== The Friendly-Tech FriendlyTR69 CPE Remote Management is prone to SQL injection attacks. ===================== III. ANALYSIS ===================== The vulnerability occurs due to insufficient sanitization of user-supplied data when logging onto the FriendlyTR69 CPE Remote Management. Successful exploitation may result in an attacker obtaining admin access to the FriendlyTR69 CPE Remote Management. ===================== IV. EXPLOIT ===================== Username: ' or 1=1-- Password: ' or 1=1-- ===================== V. DISCLOSURE TIMELINE ===================== Jan 2009 Vulnerability Found Jan 2009 Vendor Notification March 2010 Public Disclosure ===================== VI. CREDIT ===================== Yaniv Miron aka "Lament". lament@...ack.org
Powered by blists - more mailing lists