Hello friends how are you i hope that you are all doing great and want to learn more so here is the Public Exploit for the Zong MBB devices Manufactured By FiberHome with this exploit we are able to get the routers Login Details just by connecting with the wifi of the device so lets get started.
Device Information FiberHome Zong MBB Internet Device
Device Hardware Version :=
Device Name (Product Type) :=
LM53SL Wireless Data Terminal
Software Version Number :=
The main issue over here is due to lack of authentication and other one is that the routers login details are being stored in plain text over CGI XML file which is access able by any one even if he is not logged into the router. Which is not a good practice this is a real important issue to fix the recommended fix to push quick firmware update to the device in which this you can do two thing to fix it
- Don’t show the content of any CGI XML file over the client side.
- Or require authentication by the user and then they may be able to view the files content.
The first option is most recommended.
here is the link the the XML file which store the login details.
output to this file :-
And to automate this process we have created a Python Exploit for this.
Output Of the Exploit :-
$ python zong-exploit.py ============================================================================= = ZONG Modem Authentication Exploiter = ============================================================================= [i] Using Default GATEWAY IP: 192.168.8.1 [+] We Have a Hit! Username of Zong Device: admin Password of Zong Device: admin ============================================================================= [+] We Have a Hit again! Hardware Version of Zong Device: L529CV5 Name of Zong Device: LM53SL Software Version of Zong Device: VH529R02C01S38 IMEI of Zong Device!: 869446020306747 WiFi SSID of Zong Device: hack_the_hacker MAC Address of Zong Device: 78:52:62:27:a5:df IP of Zong Device: 10.41.90.208 Gateway of Zong Device: 10.41.90.209 DNS 1 of Zong Device: 10.81.191.14 DNS 2 of Zong Device: 18.104.22.168 ============================================================================= ============================================================================= = Exploit Developed By : Jahanzaib Khan Durrani = = Vulnerability Found By : Osama Mehmood = =============================================================================
Here is the code you can git it from GitHub.
GitHub Link : https://github.com/OsamaMahmood/Zong-router-exploit
Here is the Video showing how to use the exploit :-