Gửi #68089: Unauthenticated backup file download with hardcoded credentials - Netis / NetCore Routersthông tin

tiêu đề	Unauthenticated backup file download with hardcoded credentials - Netis / NetCore Routers
Mô tả	The server does not perform authentication validation for downloading the backup file, thus allowing arbitrary users to be able to extract the device's credentials easily, quickly and without being authenticated. To replicate the vulnerability, simply paste the address of the vulnerable service and add the path /param.file.tgz to the end of it. Doing so will start an automatic download and the downloaded file will contain the credentials in plain text. To identify some devices exposed on the network, I used shodan. Below is the link with the query: https://www.shodan.io/search?query=%22Server%3A+HTTP+Software+1.1%22+HTTP%2F1.1+401+ The credentials are the two words after the word "guest" and a random number, as in the example below where the credentials are admin:admin: netcore Router guest 0 € admin admin It was not possible to accurately identify the affected versions, but it was observed that all vulnerable devices have the same pattern of headers mentioned above, in the shodan link with the queries.
Nguồn	⚠️ http://x.x.x.x:8080/param.file.tgz
Người dùng	c4ng4c3ir0 (UID 38456)
Đệ trình	07/01/2023 00:17 (cách đây 3 những năm)
Kiểm duyệt	07/01/2023 09:22 (9 hours later)
Trạng thái	được chấp nhận
Mục VulDB	217591 [Netis Netcore Router đến 2.2.6 Backup param.file.tgz tiết lộ thông tin]
điểm	17

Do you know our Splunk app?

Download it now for free!