CVE-2015-0554
Published 2015-01-21
Priority: P3 59, critical, 9.4 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:N/A:C
EXPLOIT
EPSS: 39.80% (98.4th percentile)
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adb | p.dga4001n_firmware | — | — |
No detection rules found.
Exploit-DB
Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
exploitdb·2015-01-07·CVSS 9.4
CVE-2015-0554 [CRITICAL] Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
---
- Title:
CVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure
HomeStation Movistar
- Author:
Eduardo Novella @enovella_
ednolo[@]inf.upv[dot]es
- Version:
Tested on firmware version PDG_TEF_SP_4.06L.6
- Shodan dork :
+ "Dropbear 0.46 country:es" (it looks like this no longer works)
- Summary:
HomeStation Movistar has deployed routers manufactured by Pirelli. These routers allow their HTML pages to be fetched from any public IP address in the world. There is neither authentication nor any other protection to prevent unauthorized extraction of sensitive information.
- The vulnerability and the way to exploit it:
$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep
Nuclei
ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
nuclei·CVSS 9.4
CVE-2015-0554 [CRITICAL] ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
Template:
```yaml
id: CVE-2015-0554
info:
  name: ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
  author: daffainfo
  severity: critical
  description: ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cau
```
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html
- http://www.exploit-db.com/exploits/35721