SSD Advisory – Geneko Routers Information Disclosure
Credit to Author: SSD / Maor Schwartz| Date: Mon, 23 Oct 2017 10:26:40 +0000
Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope
Vulnerability Summary
The following advisory describes an information disclosure vulnerability found in Geneko Routers version 3.18.21
Geneko GWG is “compact and cost effective communications solution that provides cellular capabilities for fixed and mobile applications such as data acquisition, smart metering, remote monitoring and management. GWG supports a variety of radio bands options on 2G, 3G and 4G cellular technologies.”
Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor response
We tried to contact Geneko since August 2 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities.
Vulnerability Details
If the administrator has previously backed up the configuration file, then the attacker can access
And get the configuration file with the admin password.