How anyone can hack your Digicom Router? (CVE-2014-8496)

I am very fond of researching embedded devices. One day I was in my Digicom router, testing how secure I am from attacks like "Is Your PC Safe Inside NAT". After finding a simple XSS bug I started digging deeper to see if I could find any serious bug in it. Then I started analyzing the session which is generated every time I log in. After a few minutes I discovered that the session value increased by 1 with each login.

Example:

If the previous session ID was n, then the next session ID will be "n+1".

Session : n (where n is any number)

Session : n+1 (this process will continue until the router is rebooted)
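The n, n+1 pattern above can be checked for on your own device by logging in a few times and comparing the issued values. The following is an added example, not code from the original post or from the vendor: it classifies session IDs captured in issue order and shows a CSPRNG-based generator as the fix. The sample IDs, the `MAX_GAP` bound and all function names are constructed for illustration.

```python
import secrets

MAX_GAP = 1000  # assumed bound: gaps this small leave neighbouring IDs guessable


def to_int(sid):
    # Assumption: IDs are decimal or hex strings
    return int(sid) if sid.isdigit() else int(sid, 16)


def audit_session_ids(ids):
    """Classify session IDs captured from consecutive logins, in issue order."""
    if len(ids) < 3:
        raise ValueError("need at least 3 samples to judge a pattern")
    nums = [to_int(s) for s in ids]
    deltas = [b - a for a, b in zip(nums, nums[1:])]
    if len(set(deltas)) == 1 and deltas[0] != 0:
        verdict = "sequential"          # n, n+1, n+2 ... as described above
    elif all(0 < d <= MAX_GAP for d in deltas):
        verdict = "near-sequential"     # one counter shared with other logins
    else:
        verdict = "no-counter-pattern"
    return {
        "verdict": verdict,
        "predictable": verdict != "no-counter-pattern",
        "step": deltas[0] if verdict == "sequential" else None,
        "observed_bits": max(n.bit_length() for n in nums),
    }


def new_session_id():
    """Fix: 128 bits from the OS CSPRNG, unrelated to any earlier ID."""
    return secrets.token_hex(16)


# Constructed samples, not captured from a real device
COUNTER_IDS = ["4711", "4712", "4713", "4714"]
SHARED_COUNTER_IDS = ["4711", "4712", "4715", "4716"]
RANDOM_IDS = [new_session_id() for _ in range(4)]

if __name__ == "__main__":
    for name, sample in [("counter", COUNTER_IDS),
                         ("shared counter", SHARED_COUNTER_IDS),
                         ("csprng", RANDOM_IDS)]:
        print(name, audit_session_ids(sample))
```

A random-looking sample only rules out a simple counter; it does not prove the generator is cryptographically strong.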

After analyzing the session generation logic of the router, I sent the admin login traffic to Burp to find any running session. I started brute forcing the session and found one session which had not expired. Now with the session anyone can get full administrative rights. You can create a new SSID, you can change the WiFi password, or if you want to hack a PC then you can change DNS and further hack their devices.

This hack can easily be done from a remote location if anyone can find the IP of the infected router. When it comes to online devices, Shodan will help you. I am really sorry that I can't provide you the Shodan link for this device due to legal issues.

The POC of the above-mentioned bug is below (CVE-2014-8496).

This bug has been assigned CVE-2014-8496 and this POC is just for educational purposes. So as the author I will not be responsible for any of your illegal actions. After publishing this bug I had no excitement at all, my face was something like :/ but when the MITRE guys told me that it is the first CVE from Nepal, my face was similar to this 😀

Soon I am going to write an article:

"Why is there a backdoor in 100K broadband routers of more than 20 vendors?"

So keep in touch ….. @N_Cnew (mt88fo8)

 
