CVE-2024-57778 PoC — Orbe ONetView Roteador Onet-1200 安全漏洞

Source

Associated Vulnerability

Description

An issue in Orbe ONetView Roteador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200 

Readme

# CVE-2024-57778
**Description**: An issue in Orbe ONetView Roteador Onet-1200 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200.

**Versions**: Discovered in Orbe ONetView Roteador Onet-1200 Orbe 1680210096, but applicable to all versions up to.

## Proof of Concept
When accessing the router's menu page at http://192.168.1.1/menu.html and clicking on any option, a 500 error code will be displayed:
![image](https://github.com/user-attachments/assets/649dbc4f-0fed-4581-bae0-723d7c370466)

After this, we can activate Burp Suite to capture the application's response. Then, by accessing http://192.168.1.1/menu.html again and triggering the error, we can change the code to 200:
![image](https://github.com/user-attachments/assets/1900d15c-c121-408a-905a-5e302325307d)

With this, we gain access to the configuration page:

![image](https://github.com/user-attachments/assets/9b5e2d53-19cb-438e-8660-318832330502)

Now, with full access to the router, you can enable or disable features, modify settings, and perform other administrative tasks as needed.

File Snapshot

 [4.0K]  /data/pocs/f0c3253486ad40c64cd4e620ff5d36dd966c56af
└── [1.1K]  README.md

0 directories, 1 file

Remarks