I am Nabin KC, and I am very fond of researching embedded devices. One day I decided to test the security of my home Digicom router, to check whether I could run the "Is Your PC Safe Inside NAT" attack against it. After finding a simple stored XSS bug, I started digging deeper to see if I could find any serious bug in it. Then I started analysing the session that is generated every time I log in. After a few minutes I discovered that the session value increases by 1 on each login:
If the previous session ID was n, then the next session ID will be n+1.
Session: n (where n is any number)
Session: n+1 (this continues until the router is rebooted)
After analysing the router's session generation logic, I sent the admin login traffic to Burp to look for any running session. I started brute-forcing the session ID and found one session that had not expired. With that session, anyone gets full administrative rights: you can create a new SSID, change the WiFi password, or, if you want to hack a PC, change the DNS settings and go on to attack the other devices within that network.
This hack can easily be done from a remote location if anyone can find the IP of the affected router. When it comes to online devices, Shodan will help you. I am really sorry that I can't provide you the Shodan link for this device due to legal issues.
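The session analysis and the brute force described above, modelled offline as an added example (this is not code from the original post or from the Digicom firmware). It assumes only what the post describes: every login is issued the previous session ID plus one, and only a reboot resets the counter. The in-memory "router", its admin/admin credentials, the counter start value of 1000 and the scan window are all constructed here for illustration. It also shows the fix, a session ID drawn from the OS CSPRNG, beside the vulnerable counter.

```python
"""Sequential session ids, modelled offline.

Added example (not code from the original post or from the Digicom firmware).
It assumes only what the post describes: every login is issued the previous
session id plus one, and only a reboot resets the counter. The in-memory
"router", its credentials and the counter start value are constructed here
for illustration.
"""
import secrets


class SequentialSessionRouter:
    """Toy stand-in for the vulnerable firmware (assumption: ids are n, n+1, ...)."""

    def __init__(self, counter_at_boot=1000):
        self._next = counter_at_boot    # constructed value; the post does not give one
        self._active = {}               # session id -> logged-in user

    def login(self, user, password):
        if (user, password) != ("admin", "admin"):     # constructed credentials
            return None
        sid = self._next                # the bug: the id is a counter, not a secret
        self._next += 1
        self._active[sid] = user
        return sid

    def logout(self, sid):
        self._active.pop(sid, None)

    def is_admin(self, sid):
        """What the web UI effectively checks when it sees a session cookie."""
        return self._active.get(sid) == "admin"


class RandomSessionRouter(SequentialSessionRouter):
    """The same router with the fix: ids from the OS CSPRNG, 256 bits each."""

    def login(self, user, password):
        if (user, password) != ("admin", "admin"):
            return None
        sid = secrets.token_hex(32)     # 64 hex characters, not guessable in practice
        self._active[sid] = user
        return sid


def analyse_ids(ids):
    """The check the post performed: log in several times and compare the ids.

    Returns the constant step if every consecutive pair of ids differs by the
    same amount (predictable), or None when the ids are non-numeric or the
    differences vary."""
    if len(ids) < 3 or not all(isinstance(i, int) for i in ids):
        return None
    deltas = {b - a for a, b in zip(ids, ids[1:])}
    return deltas.pop() if len(deltas) == 1 else None


def hijack_by_brute_force(router, start, stop):
    """Try every candidate id in [start, stop) as a session cookie and return
    the ones the router still treats as a live admin session. No credentials
    are needed, which is why counter-based ids are fatal."""
    return [sid for sid in range(start, stop) if router.is_admin(sid)]


if __name__ == "__main__":
    # 1. Research on your own device: log in a few times and look at the ids.
    mine = SequentialSessionRouter(counter_at_boot=1000)
    seen = [mine.login("admin", "admin") for _ in range(4)]
    print("ids seen:", seen, "-> step", analyse_ids(seen))      # step 1

    # 2. Attack: an admin session is open somewhere; the id space since boot is tiny.
    victim = SequentialSessionRouter(counter_at_boot=1000)
    victim.login("admin", "admin")                               # owner logs in, id 1000
    print("live admin sessions found:", hijack_by_brute_force(victim, 0, 5000))

    # 3. Fixed firmware: the same scan finds nothing.
    fixed = RandomSessionRouter()
    fixed.login("admin", "admin")
    print("after fix:", hijack_by_brute_force(fixed, 0, 5000))   # []
```

Against a real device, `is_admin` would be an HTTP request that presents the candidate value in the session cookie to an admin-only page and checks whether the response is the page or a redirect to the login form; the scan stays cheap because the counter starts over at every reboot, so only a few thousand values ever need to be tried. With a 256-bit random ID the same scan has no realistic chance of a hit, which is the whole of the fix.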
The POC of the above-mentioned bug is below (CVE-2014-8496).
This bug has been assigned CVE-2014-8496, and this POC is just for educational purposes, so as the author I will not be responsible for any of your illegal actions. After publishing this bug there was no excitement at all on my face, but when the MITRE guys told me that it is the first CVE from Nepal, my face was similar to this 😀
Soon I am going to write an article,
so keep in touch ….. @N_Cnew (mt88fo8)