ActionTec Modem Advanced Setup Login Panel

What is the ActionTec Modem Advanced Setup Login Panel?

The ActionTec Modem Advanced Setup Login Panel is a module designed to detect misconfigurations in the ActionTec Modem's advanced setup login panel. It targets the ActionTec Modem software and aims to identify potential security vulnerabilities.

This module has an informative severity level, meaning it provides valuable information without posing an immediate threat.

Author: dhiyaneshDK

Impact

The module helps identify potential security risks in the ActionTec Modem's advanced setup login panel. By detecting misconfigurations, it enables users to take necessary actions to enhance the security of their modem and protect against potential attacks.

How does the module work?

The module works by sending an HTTP GET request to the ActionTec Modem's login page. It then applies matching conditions to determine if the page contains specific elements indicating the presence of the advanced setup login panel.

An example of the HTTP request sent by the module:

GET /cgi-bin/webcm?getpage=../html/login.html

The module uses two matching conditions:

- Matcher 1: It checks if the page title contains the phrase "Advanced Setup - Security - Admin User Name & Password". - Matcher 2: It verifies that the HTTP response status is 200 (OK).

If both matching conditions are met, the module identifies the presence of the ActionTec Modem Advanced Setup Login Panel.

Reference:

- https://www.exploit-db.com/ghdb/6819 - https://www.actiontec.com/dsl/

Metadata:

max-request: 1