Description
Vulnerability in the local web login.
The generated session IDs (SIDs) are predictable: the same sequence is produced every time the device is restarted.
Affected Product
- A1300 / AX1800 / AXT1800 / MT3000 / MT2500 / MT6000 / MT1300 / MT300N-V2 / AR750S / AR750 / AR300M / B1300
Affected Firmware Version
4.3.7 / 4.4.6 / 4.5.0 affected; fixed in 4.5.0
Exploit
- Reboot the router.
- Log in 5 times and record each generated seed.
- Reboot the router again.
- Log in 5 times again; you'll notice the sequence of SIDs is always the same.
Impact
An attacker can brute-force the SID by trying a long sequence of SIDs known to be valid.
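
A regression check modelled on the reboot-and-login steps above, added here as an example and not taken from the vendor's firmware. It assumes the repetition comes from a PRNG that starts in the same state on every boot (the advisory does not state the cause); the class names, the 16-byte SID length and the seed value are hypothetical.

```python
import random
import secrets

SID_BYTES = 16  # assumed SID length; the advisory does not state it


class WeakSidGenerator:
    """Model of the flaw, assuming the PRNG starts in the same state each boot."""

    def __init__(self, boot_seed=0):  # constant seed: hypothetical stand-in
        self._rng = random.Random(boot_seed)

    def new_sid(self):
        return self._rng.getrandbits(SID_BYTES * 8).to_bytes(SID_BYTES, "big").hex()


class CsprngSidGenerator:
    """Hardened form: every SID is drawn from the OS CSPRNG."""

    def new_sid(self):
        return secrets.token_hex(SID_BYTES)


def record_boot(generator_factory, logins=5):
    """One boot: a fresh generator, then `logins` logins, SIDs recorded in order."""
    gen = generator_factory()
    return [gen.new_sid() for _ in range(logins)]


def compare_boots(boot_a, boot_b):
    """Compare SIDs recorded after two boots; any repeat means predictable SIDs."""
    return {
        "same_sequence": boot_a == boot_b,
        "repeated": len(set(boot_a) & set(boot_b)),
    }


def check(generator_factory, logins=5):
    """Run the two-boot, N-login procedure against a generator."""
    return compare_boots(record_boot(generator_factory, logins),
                         record_boot(generator_factory, logins))


if __name__ == "__main__":
    print("weak    :", check(WeakSidGenerator))
    print("hardened:", check(CsprngSidGenerator))
```

`compare_boots` can also be given SID lists recorded from a device under test before and after a firmware upgrade, to confirm the fixed version no longer repeats values.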