Skip to content

Instantly share code, notes, and snippets.

@Saket-taneja
Created June 27, 2020 15:24
Show Gist options
  • Save Saket-taneja/9576573122be1cb0d6dc9d9a73db5631 to your computer and use it in GitHub Desktop.
Save Saket-taneja/9576573122be1cb0d6dc9d9a73db5631 to your computer and use it in GitHub Desktop.
The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows
remote attackers to obtain sensitive information via the
form/formDeviceVerGet URI, such as system id, hardware model, hardware
version, bootloader version, software version, software image file,
compilation time, and system uptime.
The attacker just has to create a request to
http://routerip/form/formDeviceVerGet
and in the response the whole information about the router will be disclosed to the attacker.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment