CVE-2018-12706 : DIGISOL DG-BR4000NG DEVICES HAVE A BUFFER OVERFLOW VIA A LONG AUTHORIZATION HTTP HEADER
CVE-2018-12706 discovered by ICSS team member Adipta Basu who is our ex-student and recently working as a faculty member with us. The CVE of him published on Exploit-DB on 25-06-2018. It’s an achievement for Indian Cyber Security Solutions. The Exploit details are as follows:
Exploit Title: DIGISOL DG-BR4000NG – Buffer Overflow
Author: Adipta Basu
The specified router is vulnerable to Buffer Overflow. This vulnerability is still a zero day, being 24th of June 2018. To exploit the vulnerability, the following steps were taken:
Connect to the Wifi network and open the Gateway. done it by opening 192.168.2.1 .
Open BurpSuite and then start the intercept, making the necessary proxy changes to the internet browser. Now load the Go to “General Setup”, then “Wireless” and then “Basic Settings”. Now as the Burp is intercept is on, you will find an Authorization: Basic followed by a string. Now we paste a string consisting of 500 zeros.
Now the Router restarts, and even after it restarts, the firmware faces multiple graphical issues.
Reproduction steps are mentioned below:
– Goto your Wifi Router Gateway [i.e http192.168.2.1]
– Go to — General Setup — Wireless — Basic Settings
– Open BurpSuite
– Reload the Page
– Burp will capture the intercepts.
– Add a string of 500 ì0îs after the Authorization Basic string
– The router will restart.
– Refresh the page, and the whole web interface will be faulty.
Highest Selling Technical Courses of Indian Cyber Security Solutions:
Cybersecurity services that can protect your company:
Other Location for Online Courses: