Full Disclosure mailing list archives

Re: [GTA-2014-01] - Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell.


From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 26 Mar 2014 13:04:06 -0500

On 03/26/2014 08:39 AM, Groundworks Technologies Advisories Team wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> *Title:*
>
> Allied Telesis AT-RG634A ADSL Broadband router hidden administrative
> unauthenticated webshell.
>
> *Vulnerability Information:*
> - - CVE: CVE-2014-1982
> - - Type of Vulnerability:
>    - CWE-78  : OS Command Injection
>    - CWE-306 : Missing Authentication for Critical Function

This Is Just To Say

I have exploited
the backdoor
that was in
the modem

and which
you were probably
saving
for debugging

Forgive me
it was delicious
so sweet
and so privileged

Apologies to William Carlos Williams


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

