CVE-2018-12706 : DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.

I found that specified router is vulnerable to Buffer Overflow. This vulnerability is still a zero day, today being 24th of June 2018. To exploit the vulnerability, the following steps were taken.

Step 1: 

Connect to the Wifi network and open the Gateway. I did it by opening 192.168.2.1 .



Step 2:

Open BurpSuite and then start the intercept, making the necessary proxy changes to the internet browser. Now load the Go to "General Setup", then "Wireless" and then "Basic Settings". Now as the Burp is intercept is on, you will find an Authorization: Basic followed by a string. Now we paste a string consisting of 500 zeros.



Now the Router restarts, and even after it restarts, the firmware faces multiple graphical issues.




Comments

  1. Hi Adipta Basu, Can you suggest any open source firware for this exact router

    ReplyDelete

Post a Comment