TrackSomebody.com

october27thgroup.com pentesting, pci, red team

illmob.org

ATT U-Verse VAP2500 vulns

November 25th, 2014 by admin in Privilege Escalation, Wireless


ATT U-Verse service includes the VAP2500 video access point as part of the installation,. From their guide “The VAP2500 enables you to transmit multiple standard- and high-definition video streams throughout your home wirelessly. You can enjoy a full range of video services and applications without having to run wires, lay cables, or drill holes. The U-verse Wireless Access Point operates only with authorized U-verse Wireless
Receiver(s).”
Apparently it’s full of holes too:

1. Readable plain-text file, admin.conf, which holds the username and md5 encrypted passwords
(defaults are: ATTadmin : 1b12957d189cde9cda68e1587c6cfbdd MD5 : 2500!VaP
super : 71a5ea180dcd392aabe93f11237ba8a9 MD5 : M0torola!
)

2. They use the md5 hash of the username as a cookie for authentication

3. gui suppports command injection

More info: http://goto.fail

similar report: http://www.dslreports.com

Leave a reply