Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0)
[+] Credits: Ian Ling
[+] Website: iancaling.com
Default Root Account
Ceragon FibeAir IP-10 devices do not properly ensure that a user has authenticated before granting them access to the web interface of the device. The attacker simply needs to add a cookie to their session named "ALBATROSS" with the value "0-4-11". They can then browse to one of the following URLs (which vary by model number and software version) to add their own user account with full admin privileges:
After adding their own user account, they can clear their cookies and log in with the new credentials they created.
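The cookie check described above gives defenders a concrete detection hook. The following is an added example, not part of this advisory and not Ceragon's code: a small Python scanner that parses the Cookie header out of access logs from a proxy or web server in front of the management interface and flags any request presenting an ALBATROSS cookie whose value is 0-4-11. Only the cookie name and value come from the advisory; the log format, client addresses and request paths are constructed for the example.

```python
"""Flag requests carrying the ALBATROSS=0-4-11 cookie in access logs.

Added example for the advisory above; not vendor code. Assumes a reverse proxy
in front of the management interface logs each request's Cookie header in the
constructed format parsed by LOG_LINE below.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import unquote

# Cookie name and value are taken from the advisory text.
SUSPECT_COOKIE_NAME = "ALBATROSS"
SUSPECT_COOKIE_VALUE = "0-4-11"

# Constructed, simplified log format (one request per line):
#   <client-ip> <method> <path> <status> cookie="<raw Cookie header>"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) '
    r'cookie="(?P<cookie>[^"]*)"$'
)


@dataclass
class Alert:
    client_ip: str
    path: str
    cookie_value: str


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Parse a Cookie request header into a name -> value dict.

    The first occurrence of a duplicated name wins, which is how most servers
    behave. Values are percent-decoded so a cookie sent as 0%2D4%2D11 compares
    equal to 0-4-11 instead of slipping past an exact-string match.
    """
    cookies: Dict[str, str] = {}
    for part in header.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        name, _, value = part.partition("=")
        name = name.strip()
        if name and name not in cookies:
            cookies[name] = unquote(value.strip())
    return cookies


def inspect_line(line: str) -> Optional[Alert]:
    """Return an Alert if the log line carries the bypass cookie, else None."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None  # unparseable line: skip rather than guess
    cookies = parse_cookie_header(m.group("cookie"))
    value = cookies.get(SUSPECT_COOKIE_NAME)
    if value == SUSPECT_COOKIE_VALUE:
        return Alert(m.group("ip"), m.group("path"), value)
    return None


def scan_log(lines: List[str]) -> List[Alert]:
    """Run inspect_line over every line and collect the alerts."""
    return [a for a in (inspect_line(ln) for ln in lines) if a is not None]


# Constructed sample log lines; addresses and paths are placeholders, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 GET /login.html 200 cookie=""',
    '198.51.100.7 GET /index.html 200 cookie="ALBATROSS=0-4-11"',
    '198.51.100.7 POST /manage.html 200 cookie="lang=en; ALBATROSS=0%2D4%2D11"',
    '192.0.2.9 GET /status.html 200 cookie="ALBATROSS=3a9f1c"',  # constructed non-matching value
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"ALERT {alert.client_ip} {alert.path} {SUSPECT_COOKIE_NAME}={alert.cookie_value}")
```

Because the device may use the same cookie name for legitimate sessions, the match is on the exact value rather than on the cookie's mere presence; correlate any hit with the absence of a preceding successful login from that client. Detection complements, not replaces, the fix: keep the management interface off untrusted networks and run 7.2.0 or later.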
Affected Versions: All versions below 7.2.0
Impact: The remote attacker has full control over the device's web interface.
Vendor Notification: May 5, 2016
Public Disclosure: June 15, 2016