Use them at your own risk!
This security hole allows an attacker to bypass
authentication and change the DNS. When the
administrator is logged in the web management
interface, an attacker may be able to completely
bypass authentication phase and connect to the
web management interface with administrator's
credentials. This attack can also be performed
by an external attacker who connects to the
router's public IP address, if remote management
is enabled. To change the DNS without logging
into web management interface use the following URL:
http://TARGET/dnscfg.cgi?dnsPrimary=8.8.8.8&dnsSecondary=8.8.4.4&dnsDynamic=0&dnsRefresh=1&dnsIfcsList=
#exploit found by
Todor Donev
This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.
0 commentaires:
Enregistrer un commentaire