| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+paTQR9FjBChM0dEL2zv_eWT==n-MLHv1RBMPizKPYjzUaZvQ@mail.gmail.com>
Date: Mon, 26 Nov 2012 12:06:53 +0100
From: Manu <sourvivor@...il.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Remote Command Execution on Cisco WAG120N
It's not so rare Gary, is it?, Is just a vulnerability of command execution
and a requierment is that you have to be authenticated in the web interface
administration.
The router doesn't have any hidden webpage nor debug or dev tool for this
purpose.
2012/11/22 Gary Driggs <gdriggs@....edu>
> On Nov 22, 2012, Manu <sourvivor at gmail> wrote:
>
> > Authenticate and browse to
>
> How is this a vulnerability if it's behind an authentication wall?
> I've seen several SOHO routers and APs that include some kind of
> "hidden" web page that allows one to tweak settings. How does this
> differ & how is it remotely exploitable without authentication? I'm
> sure if you contacted the vendor they would acknowledge the existence
> of the page as either a debug or dev tool and ask the same questions I
> have.
>
> -Gary
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Manuel Fernández
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists