Advanced Media Technologies (AMT) Multiple Vulnerabilities

Advanced Media Technologies (AMT) makes all kinds of products. While playing with Shodan, I ran across a couple of their devices by way of their web interfaces. The two I found use “Z-World Rabbit” for a server, so they are fairly easy to find:

HTTP/1.1 200 OK
Date: Wed, 12 Mar 1980 23:24:37 GMT
Server: Z-World Rabbit
Connection: close
Content-Type: text/html

Both devices I found have the same basic web interface and the same vulnerabilities. The first device was a PBN CPON-100 (product, data sheet) described as a “Customer Premises Optical Node for Fast Ethernet and CATV”. The second device is the PBN OSLAM-8G (product, data sheet) described as an “Optical Subscriber Line Access Multiplexer 8-Port Module”. By default, neither has any kind of authentication to access them!

Vulnerability #1

The main page, / or /index.zhtml, shows the internal IP of the gateway, giving you the private IP space being used. It also shows the application version, MAC address, serial number, BIOS version and uptime:

[Screenshot: oslam-index]

Vulnerability #2

Without authenticating, anyone can access /advanced.zhtml, which lets you reboot the device or restore factory default settings:

[Screenshot: oslam-advanced]

[Screenshot: oslam-reboot]

[Screenshot: oslam-reset]
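
For anyone running these devices, here is an added example (not from the original post or the vendor) that audits HTTP responses already captured from your own equipment and flags the ones where the Rabbit web interface answers the pages above without asking for credentials. The asset names, the 401 response and the verdict labels are assumptions made up for the illustration; the 200 response reuses the headers quoted earlier.

```python
from email.parser import Parser  # HTTP header blocks use RFC 822 syntax

RABBIT_BANNER = "z-world rabbit"    # Server header value shown on the page
INFO_PATHS = ("/", "/index.zhtml")  # status page (Vulnerability #1)
ADMIN_PATH = "/advanced.zhtml"      # reboot / factory reset (Vulnerability #2)

def parse_response(raw):
    """Return (status_code, headers) from the head of a raw HTTP response."""
    head = raw.lstrip().replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % status_line)
    return int(parts[1]), Parser().parsestr(header_block, headersonly=True)

def classify(path, raw):
    """Classify one captured response for the path that was requested."""
    status, headers = parse_response(raw)
    if RABBIT_BANNER not in headers.get("Server", "").lower():
        return "not-rabbit"
    if status == 401 or "WWW-Authenticate" in headers:
        return "auth-required"
    if status == 200 and path == ADMIN_PATH:
        return "open-admin-page"
    if status == 200 and path in INFO_PATHS:
        return "open-info-page"
    return "review-manually"  # redirects, errors, unknown paths

def audit(captures):
    """captures: iterable of (asset, path, raw_response). Returns findings to fix."""
    return [(asset, path, verdict)
            for asset, path, raw in captures
            for verdict in [classify(path, raw)]
            if verdict.startswith("open-")]

# Constructed sample captures (asset names and the 401 response are made up;
# the 200 response reuses the headers quoted in the post).
OPEN = ("HTTP/1.1 200 OK\r\nDate: Wed, 12 Mar 1980 23:24:37 GMT\r\n"
        "Server: Z-World Rabbit\r\nConnection: close\r\n"
        "Content-Type: text/html\r\n\r\n<html></html>")
LOCKED = ("HTTP/1.1 401 Unauthorized\r\nServer: Z-World Rabbit\r\n"
          'WWW-Authenticate: Basic realm="device"\r\n\r\n')
SAMPLES = [("node-a", "/index.zhtml", OPEN), ("node-a", "/advanced.zhtml", OPEN),
           ("node-b", "/advanced.zhtml", LOCKED)]

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

Any "open-admin-page" finding means the reboot and factory-reset page is reachable without a login and the device should be moved behind a management network or have authentication enabled.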
