module
Airties login-cgi Buffer Overflow
Disclosed | Created |
---|---|
Mar 31, 2015 | May 30, 2018 |
Disclosed
Mar 31, 2015
Created
May 30, 2018
Description
This module exploits a remote buffer overflow vulnerability on several Airties routers.
The vulnerability exists in the handling of HTTP queries to the login cgi with long
redirect parameters. The vulnerability doesn't require authentication. This module has
been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation.
Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT,
Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.
The vulnerability exists in the handling of HTTP queries to the login cgi with long
redirect parameters. The vulnerability doesn't require authentication. This module has
been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation.
Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT,
Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.
Authors
Batuhan Burakcin batuhan@bmicrosystems.com
Michael Messner devnull@s3cur1ty.de
Michael Messner devnull@s3cur1ty.de
Platform
Linux
Architectures
mipsbe
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.