CVE-2024-55211 PoC: Think Router Tk-Rt-Wr135G security vulnerability

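Related vulnerability
Title: Think Router Tk-Rt-Wr135G security vulnerability (CVE-2024-55211)
Description: Think Router Tk-Rt-Wr135G is a router made by Think. Think Router Tk-Rt-Wr135G version V3.0.2-X000 has a security vulnerability that stems from an authentication bypass, which can be achieved with a specially crafted cookie.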
Description
Cookie-based authentication vulnerability on Tk-Rt-Wr135G
Introduction
# CVE-2024-55211
Cookie-based authentication vulnerability on Tk-Rt-Wr135G

# Affected vendor
Think Technology

# Affected product
Wireless Router Ac 1200Mbps Tk-Rt-Wr135G

# Affected version
Firmware V3.0.2-X000

# Description
The vulnerability allows an attacker to bypass the login form of the TK-RT-WR135G router and change any configuration designed for the router.
The bypass works by changing the value of the LoginStatus cookie from its initial value of "false" to "true", which leaves the user logged in for a set period of time.
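
The flaw described above next to one server-side fix, as an added example that is not code from this README or from the router firmware. The function names, the `session` cookie name and the TTL value are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 300  # seconds; assumed value, the README only says "a set period of time"


def is_logged_in_vulnerable(cookies):
    """The pattern the README describes: the server believes a client-set flag."""
    return cookies.get("LoginStatus") == "true"


class SessionStore:
    """Hardened form: login state lives on the server, the cookie is only a lookup key."""

    def __init__(self, ttl=SESSION_TTL, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock      # injectable so expiry can be tested
        self._sessions = {}      # token -> expiry time

    def issue(self):
        """Call only after the admin password has been verified server-side."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = self._clock() + self._ttl
        # Send as: Set-Cookie: session=<token>; HttpOnly; SameSite=Strict
        return {"session": token}

    def is_logged_in(self, cookies):
        expiry = self._sessions.get(cookies.get("session", ""))
        if expiry is None:
            return False         # unknown token; any LoginStatus flag is ignored
        if self._clock() >= expiry:
            del self._sessions[cookies["session"]]
            return False         # expired sessions are dropped on the server
        return True


if __name__ == "__main__":
    store = SessionStore()
    edited = {"LoginStatus": "true"}  # constructed: cookie edited in the browser
    print("client-side flag check:", is_logged_in_vulnerable(edited))
    print("server-side session check:", store.is_logged_in(edited))
    print("after a real login:", store.is_logged_in(store.issue()))
```

Every request handler that changes configuration has to call the server-side check; protecting only the login page leaves the direct requests mentioned under "Attack vectors" open.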

# Exploit
This vulnerability can be exploited via a web browser's console or a cookie inspector.

# Attack vectors
Because an attacker can change any configuration, the vulnerability allows for attack vectors such as DNS hijacking (altering the default DNS to an arbitrary one hosted on a machine that's part of the LAN, with custom DNS rules), custom firmware updates, and direct unauthenticated requests to the router using tools such as curl.

# PoC
https://github.com/user-attachments/assets/e7c26afc-85f3-4f0e-be34-63df5e3084ca
File snapshot

[4.0K] /data/pocs/251c2d05e33a8934dfc9d94be084b2247b4cbd09
└── [1.1K] README.md

0 directories, 1 file