CVE-2018-14027 : DIGISOL DG-HR3300 Wireless Router
Cross-Site Scripting bruteforce causes DOS
CVE-2018-14027 was discovered by ICSS team member Rahul Upadhyay, who is our ex-student and is presently working as a faculty member with us. It's an achievement for Indian Cyber Security Solutions. The exploit details are as follows:
Exploit Title: DIGISOL DG-HR3300 Wireless Router – Cross-Site Scripting bruteforce causes DOS
Author: Rahul Upadhyay
Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or password parameter to the admin login page. The XSS scripts were passed using Burp Intruder, and after almost 9 scripts were passed, the router shut down and the connection was lost.
– Go to your Wifi Router Gateway [i.e. http://192.168.2.1]
– Open the admin login page.
– Open Burp Suite and start intercepting.
– Brute force the XSS scripts via the userid and password parameters.
– After 8-9 scripts are passed, the router crashes.
– Only after the router restarts and is allowed to sit idle for 10 minutes does it resume its original function.
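For monitoring a network where this router is deployed, the following added example (not part of the original advisory) flags any source that sends a burst of login submissions whose `userid` or `password` value contains markup. The record layout (time, source address, form body), the 60-second window and the threshold of 5 are assumptions; the threshold is set below the 8-9 requests the advisory reports as enough to crash the device.

```python
import re
from collections import defaultdict, deque
from urllib.parse import parse_qs

# Parameter names come from the advisory; everything else here is assumed.
CRED_FIELDS = ("userid", "password")
# Markup that has no place in a credential field: tags or inline handlers.
MARKUP = re.compile(r"<[^>]*>|\bon\w+\s*=|javascript:", re.IGNORECASE)

def has_markup(body):
    """True if a URL-decoded userid/password value in a form body has markup."""
    fields = parse_qs(body, keep_blank_values=True)
    return any(MARKUP.search(v) for f in CRED_FIELDS for v in fields.get(f, []))

def flag_sources(records, threshold=5, window=60):
    """Sources with >= threshold markup-bearing logins inside `window` seconds.

    records: iterable of (epoch_seconds, source_ip, form_body) tuples.
    """
    recent = defaultdict(deque)
    flagged = set()
    for ts, src, body in sorted(records):
        if not has_markup(body):
            continue
        hits = recent[src]
        hits.append(ts)
        # Drop hits that have aged out of the sliding window.
        while ts - hits[0] > window:
            hits.popleft()
        if len(hits) >= threshold:
            flagged.add(src)
    return sorted(flagged)

# Constructed sample capture (not data from the advisory).
SAMPLE = [
    (1000 + 2 * i, "192.168.2.50", f"userid=%3Cb%3Et{i}%3C%2Fb%3E&password=x")
    for i in range(9)
] + [
    (1003, "192.168.2.51", "userid=admin&password=wrong"),
    (1010, "192.168.2.51", "userid=admin&password=p%3Cw"),  # lone '<' is allowed
]

if __name__ == "__main__":
    print(flag_sources(SAMPLE))
```

A password that merely contains a `<` character is not counted, so ordinary failed logins do not trip the rule.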