It's not so rare Gary, is it?, Is just a vulnerability of command execution and a requierment is that you have to be authenticated in the web interface administration. The router doesn't have any hidden webpage nor debug or dev tool for this purpose.
2012/11/22 Gary Driggs <[email protected]> > On Nov 22, 2012, Manu <sourvivor at gmail> wrote: > > > Authenticate and browse to > > How is this a vulnerability if it's behind an authentication wall? > I've seen several SOHO routers and APs that include some kind of > "hidden" web page that allows one to tweak settings. How does this > differ & how is it remotely exploitable without authentication? I'm > sure if you contacted the vendor they would acknowledge the existence > of the page as either a debug or dev tool and ask the same questions I > have. > > -Gary > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Manuel Fernández
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
