Eir D1000 Wireless Router – WAN Side Remote Command Injection Exploit

By | November 30, 2017

 

 

# Exploit Title: Eir D1000 Wireless Router - WAN Side Remote Command Injection
# Date: 7th November 2016
# Exploit Author: Kenzo
# Website: https://devicereversing.wordpress.com
# Tested on Firmware version: 2.00(AADU.5)_20150909
# Type: Webapps
# Platform: Hardware
 
Description
===========
By sending certain TR-064 commands, we can instruct the modem to open port 80 on the firewall. This allows access the the web administration interface from the Internet facing side of the modem. The default login password for the D1000 is the default Wi-Fi password. This is easily obtained with another TR-064 command.  
Available code here:
https://www.exploit-db.com/exploits/40740/
Share Button

Leave a Reply

Your email address will not be published. Required fields are marked *