Be aware from this new ZTE Router F602W Vulnerability discovered by Hritik Vijay that allow hackers to bruteforce router’s password, Bypassing the Captch, using CVE-2020-6862.
Update your router’s firmware.
Captcha is used to make sure the form is being filled by a real person
than an automated script. This is a very popular safety measure and
bypassing it could lead to potential compromise.
While logging in to the affected device you are presented with a
A typical login request looks like this:
POST / HTTP/1.1 Host: 192.168.1.1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://192.168.1.1/ Content-Type: application/x-www-form-urlencoded Content-Length: 101 Connection: close Cookie: _TESTCOOKIESUPPORT=1 Upgrade-Insecure-Requests: 1 frashnum=&action=login&Frm_Logintoken=2&Username=admin&Password=admin&Validatecode=literally_anything
Though, firing the same request twice fails with a text on the top
saying “Error”. This pretty much defeats our purpose. It turns out that
on every login attempt, the parameter Frm_Logintoken gets incremented by
one and is required to match the server side value. This can pretty
easily be achieved by some pattern matching. Thus allowing any script
to bypass the captcha and log in.
A captcha bypass can really help in bruteforcing the credentials but
luckily the router limits the login trials to 3 attempts. In real
world though, things are a bit different.
The affected ZTE router comes with a default password. Given that the
devices on a same ISP network can access each other, it would be a
matter of time before someone writes a script to log in to every router
in the network and take control of it.