REMOTE CONTROL — CVE-2020-10376.

Felipe Agudo Romão
Mar 10, 2020

A remote attacker can capture data and remotely control the router, based on the use of authentication in index.html with the parameter “Authorization:Basic :<STRING>”. The router model is Technicolor TC7337NET and the firmware version is 08.89.17.23.03.

Proof of Concept:

Step 1: Start a capture with Wireshark:

Step 2: Log in to the router:

Step 3: Locate the index.html?Authorization:Basic request in Wireshark:

Step 4: Use the string to access the router through a browser tab. Success, the browser is logged in to the router:

Video:

https://vimeo.com/396812142
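
For defenders, the pattern in Steps 3 and 4 (a Basic credential string carried in the index.html query string, where it shows up in captures and logs) can be flagged in HTTP request lines. This is an added example, not part of the original post: the function names and sample request lines are constructed, and it assumes the string is a standard base64 `user:password` Basic token.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# "Authorization:Basic <token>" inside a query string, tolerating the extra
# ':' shown in the advisory text. The token charset is base64.
CRED_IN_QUERY = re.compile(
    r"\?[^ ]*?Authorization\s*[:=]\s*Basic\s*:?\s*([A-Za-z0-9+/]+={0,2})",
    re.IGNORECASE,
)

def looks_like_basic_token(token):
    """True if token base64-decodes to 'user:password' text (assumed form)."""
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False
    return ":" in decoded

def scan_request_line(line):
    """Return a finding dict if the request URI carries a Basic credential."""
    method, _, rest = line.partition(" ")
    # Drop the trailing protocol version, then undo %3A / %20 style encoding.
    uri = unquote(rest.rsplit(" HTTP/", 1)[0])
    match = CRED_IN_QUERY.search(uri)
    if not match:
        return None
    token = match.group(1)
    return {
        "method": method,
        "path": uri.split("?", 1)[0],
        "decodes_as_credentials": looks_like_basic_token(token),
        "redacted_uri": uri.replace(token, "<REDACTED>"),  # never log the token
    }

def scan(lines):
    return [f for f in map(scan_request_line, lines) if f]

# Constructed sample request lines (not taken from the advisory).
SAMPLE = [
    "GET /index.html?Authorization:Basic :dXNlcjpwYXNzd29yZA== HTTP/1.1",
    "GET /index.html?Authorization%3ABasic%20dXNlcjpwYXNzd29yZA%3D%3D HTTP/1.1",
    "GET /index.html HTTP/1.1",
    "GET /status.html?lang=en HTTP/1.1",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Run it over proxy or web-server request logs; any finding means the router credential has been exposed in a URL and should be changed.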
