CVE-2022-36200
Author: M. Afaq Abid
PoC of CVE-2022-36200. - FiberHome VDSL2 Modem HG150-Ub_V3.0 (PTCL)
Information Exposure
Steps to Reproduce:
- Admin Credentials are submitted in the URL.
- Use any logger/sniffer in network (wireshark)
- Search
username&passwordparams inlogin.cgi?
These could be captured by anyone in the network as these are submitted over http (not encrypted) and these might be logged in network logs and can be sniffed as well.
PoC video for more details: https://youtu.be/nHgstvq0rr8