Eir D1000 Wireless Router – WAN Side Remote Command Injection Exploit


Acronis Cyber Protect

# Exploit Title: Eir D1000 Wireless Router - WAN Side Remote Command Injection

# Date: 7th November 2016

# Exploit Author: Kenzo

# Website: https://devicereversing.wordpress.com

# Tested on Firmware version: 2.00(AADU.5)_20150909

# Type: Webapps

# Platform: Hardware

Description

===========

By sending certain TR-064 commands, we can instruct the modem to open port 80 on the firewall. This allows access the the web administration interface from the Internet facing side of the modem. The default login password for the D1000 is the default Wi-Fi password. This is easily obtained with another TR-064 command.  

Available code here:

https://www.exploit-db.com/exploits/40740/


Leave a Comment