A New Critical Vulnerability in SAGEMCOM routers could allow an attacker to gain access control -

In the configuration backup feature, the SAGEMCOM router, model [email protected] NET, operating software version NET 4.109.0, has an Inappropriate Access Control flaw.

^{_{16:45 GMT, Friday, November 27, 2020}}

This router is widely sold to its customers in Brazil through ISP provider CLARO.

The flaw occurs when the router’s user interface has a legitimate session running.

As long as there is any valid session opened, any unauthenticated request to http:///backupsettings.conf will allow the router configuration download.

Make a request to the /backupsettings.conf path removing any cookie data.

Image for post — Request wihtout any session data

Making the request from a different IP than the one which initialized the valid session:

The backupsettings.conf file contains sensitive information, including the administration username and password.

If the “Remote Configuration Management” is activated in the router, the access to the backup configuration file becomes available through the WAN to all Internet at the TCP:6080 .

In the image bellow I used a web proxy and accessed the WAN IP address of the router “189.61…” to ensure the external communication.

Solution:

Upgrade the router firm to lastest version from router-network.com/sagemcom/f-st-3486

References:

cvemitre

medium.com

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Consider these considerations when deciding on a virtual operator

Vodafone has three Digital plus Exclusive deals up to 100GB on Sunday

The whistleblower disclosed that Microsoft and Nintendo would launch new collaboration programs in the fall

The $4 billion purchase of Clubhouse by Twitter has been put on hold for undisclosed reasons

WhatsApp: three super secret functions that many do not know

A New Critical Vulnerability in SAGEMCOM routers could allow an attacker to gain access control

Share this:

Cookies On Undercode News Website: