إرسال #82083: Router Multilaser Backup File Information Disclosureالمعلومات

عنوان	Router Multilaser Backup File Information Disclosure
الوصف	Version multilaser routers are vulnerable to an attack where it is possible to download the device's backup file containing your login credentials in plain text. To reproduce, access one of the targets available in shodan (link below) and enter the path /param.file.tgz right after the link. Like for example http://x.x.x.x:8080/param.file.tgz. It will start downloading a file and inside it contains the credentials. They follow the pattern in which the word "guest" always comes, right after it comes a number, then a random character and finally, the user and password to log in to the device. guest 4 € admin nikem199131 Where in this case, the credentials are: User: admin Password: nikem199131 Shodan search: https://www.shodan.io/search?query=WWW-Authenticate%253A+Basic+realm%253D%22Multilaser%22+401 Shodan dork: WWW-Authenticate: Basic realm="Multilaser " 401
المستخدم	c4ng4c3ir0 (UID 38456)
ارسال	02/02/2023 12:19 AM (3 سنوات منذ)
الاعتدال	02/02/2023 08:42 PM (20 hours later)
الحالة	تمت الموافقة
إدخال VulDB	220053 [Multilaser RE057/RE170 2.1/2.2 Backup File /param.file.tgz الكشف عن المعلومات]
النقاط	17

Interested in the pricing of exploits?

See the underground prices here!