OpenVox VoxStack Wireless Gateway Multiple Vulnerabilities

OpenVox VoxStack Wireless Gateway (Shodan search) has several vulnerabilities. I tested the VS-GGU-E2M0400 with software versions 1.0.7, 1.1.4 and 1.1.7.

#1 Web Interface Default Admin Credentials

There is a blog about this system that mentions the default credentials of admin / admin.

#2 /cgi-bin/php/system-login.php Cleartext SSH Credential Disclosure

The /cgi-bin/php/system-login.php script returns the current SSH credentials in cleartext. By default the web interface is also served over plain HTTP.

#3 /cgi-bin/php/network-ddns.php Cleartext DDNS Credential Disclosure

Like the previous issue, this script gives up the DDNS credentials in cleartext.

#4 /cgi-bin/php/system-tools.php Cleartext System Information Disclosure

The /cgi-bin/php/system-tools.php script has a “Backup Configuration” feature that sends config-1.1.7.tar.gz (where 1.1.7 is the software version), an archive that includes /etc/passwd among other files.
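To check whether the three pages above have been reached from outside a management network, the following is an added detection example, not code from the original post or from OpenVox. It assumes Common Log Format lines from a proxy or sensor in front of the gateway; the management network and the sample log lines are constructed.

```python
import ipaddress
import re

# Admin pages named in the post above, with what each one exposes.
SENSITIVE_PATHS = {
    "/cgi-bin/php/system-login.php": "SSH credentials",
    "/cgi-bin/php/network-ddns.php": "DDNS credentials",
    "/cgi-bin/php/system-tools.php": "configuration backup",
}

# Assumption: management hosts live in this network (constructed value).
MGMT_NETS = [ipaddress.ip_network("10.0.50.0/24")]
# Assumption: Common Log Format lines from a proxy or sensor in front of the gateway.
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_exposures(lines, mgmt_nets=MGMT_NETS):
    """Return (time, source, path, exposure) for 2xx hits from outside mgmt_nets."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        path = m["target"].split("?", 1)[0]  # ignore any query string
        what = SENSITIVE_PATHS.get(path)
        if what is None or not m["status"].startswith("2"):
            continue  # other page, or the request was not served
        try:
            inside = any(ipaddress.ip_address(m["src"]) in n for n in mgmt_nets)
        except ValueError:
            inside = False  # source logged as a hostname: treat as unmanaged
        if not inside:
            hits.append((m["ts"], m["src"], path, what))
    return hits

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOG = [
    '10.0.50.7 - - [12/Mar/2015:09:14:02 +0000] "GET /cgi-bin/php/system-login.php HTTP/1.1" 200 5120',
    '203.0.113.45 - - [12/Mar/2015:09:20:41 +0000] "GET /cgi-bin/php/system-login.php HTTP/1.1" 200 5120',
    '203.0.113.45 - - [12/Mar/2015:09:20:55 +0000] "POST /cgi-bin/php/system-tools.php?_=1 HTTP/1.1" 200 20480',
    '198.51.100.9 - - [12/Mar/2015:09:31:10 +0000] "GET /cgi-bin/php/network-ddns.php HTTP/1.1" 401 312',
    'garbage line',
]

if __name__ == "__main__":
    for hit in find_exposures(SAMPLE_LOG):
        print(*hit, sep="  ")
```

Any hit on system-login.php or network-ddns.php means the SSH or DDNS credentials shown on that page should be rotated; a hit on system-tools.php means the configuration backup may have been downloaded.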

One Response to “OpenVox VoxStack Wireless Gateway Multiple Vulnerabilities”

  1. q Says:

    Passing info from HTTP to SMS, you also need to include password and username in the URL… Easily intercepted and seen as clear text.