module
Airties login-cgi Buffer Overflow
| Disclosed | Created |
|---|---|
| 2015-03-31 | 2018-05-30 |
Disclosed
2015-03-31
Created
2018-05-30
Description
This module exploits a remote buffer overflow vulnerability on several Airties routers.
The vulnerability exists in the handling of HTTP queries to the login cgi with long
redirect parameters. The vulnerability doesn't require authentication. This module has
been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation.
Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT,
Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.
The vulnerability exists in the handling of HTTP queries to the login cgi with long
redirect parameters. The vulnerability doesn't require authentication. This module has
been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation.
Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT,
Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.
Authors
Batuhan Burakcin batuhan@bmicrosystems.com
Michael Messner devnull@s3cur1ty.de
Michael Messner devnull@s3cur1ty.de
Platform
Linux
Architectures
mipsbe
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.