I am  Nabin KC  very fond of researching about the embedded devices. One day I  decide to test  Security  my home Digicom router , to check if i can run this  Is You PC Safe Inside NAT  attack.  After finding simple Store XSS bug I started digging more deep , if  I could find any serious bug in it . Then I started analysing  the session which is generated every  time I log in . After few minutes I discovered that the session value  has increase by 1

If Previous Session id was = n , then next time session id will be “n+1”

Session : n ( where is n is any number )

Session : n+1            ( this process will continue until router is reboot)

After analysing  the session generation logic of the router, I sent  the admin login traffic to the burp to  find any running session . I started brute forcing the session  and found one session which has not expired. Now with the session anyone can get full administrative right. You can create a new SSID, you can change WiFi password, or if you want to hack PC then you can change DNS and further hack their other devices with in that network.

This hack can be easily done from remote location if anyone can find  IP of the infected router. When it come to online devices then Shodan will help you. I am really sorry that I can’t provide you the shodan link  for this device due to legal issues.

The  POC of the above mention bug is below .(CVE-2014-8496)


This bug has been assigned as the CVE-2014-8496 and this  POC is just for the educational purpose. So as an author I will not be responsible for any of your illegal actions . After  publishing this bug , there was no excitement at all in my face  but when MITRE guys told me that it is the  first CVE from Nepal, my face was similar to this 😀

Soon I am going to write an article

A tale Rogue Router Firmware Chaos #Backdoor

So keep in touch ….. @N_Cnew (mt88fo8)