Headline
CVE-2021-34544: Offensive Security’s Exploit Database Archive
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device.
# Exploit Title: Solar-Log 500 2.8.2 - Unprotected Storage of Credentials
# Google Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP""
# Date: 2021-06-11
# Exploit Author: Luca.Chiou
# Vendor Homepage: https://www.solar-log.com/en/
# Software Link: Firmware for Solar-Log https://www.solar-log.com/en/support/firmware/
# Version: Solar-Log 500 all versions prior to 2.8.2 Build 52 - 23.04.2013
# Tested on: It is a proprietary devices: https://www.solar-log.com/en/support/firmware/
# 1. Description:
# An issue was discovered in Solar-Log 500 prior to 2.8.2 Build 52 - 23.04.2013.
# In /export.html, email.html, sms.html, the devices store plaintext passwords,
# which may allow sensitive information to be read by someone with access to the device.
# 2. Proof of Concept:
# Browse the configuration page in Solar-Log 500,
# we can find out that the passwords of FTP, SMTP, SMS services are stored in plaintext.
# http://<Your Modem IP>/export.html
# http://<Your Modem IP>/email.html
# http://<Your Modem IP>/sms.html