Gemtek CPE7000 WLTCS-106 sysconf.cgi Remote Command Execution

Posted by deepcore on April 27, 2016 – 1:36 pm

A vulnerability exists for Gemtek CPE7000 model ID WLTCS-106 exposing Iperf tool to unauthenticated users. Injecting a command in the perf_measure_server_ip parameter, an attacker can execute arbitrary commands. Since the service runs as root, the remote command execution has the same administrative privileges. The remote shell is obtained uploading the payload and executing it. A reverse shell is preferred rather then a bind one, since firewall won’t allow (by default) incoming connections. Tested on Hardware version V02A and Firmware version 01.01.02.082.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« http://chiangkiean.go.th/king.htm Cyberoam Central Console 02.03.1 Cross Site Scripting »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Gemtek CPE7000 WLTCS-106 sysconf.cgi Remote Command Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL