[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Common consumer routers password disclosure
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Common consumer routers password disclosure
- From: danieljcrteixeira@xxxxxxxxx
- Date: Fri, 5 Nov 2010 02:59:13 -0600
Date: 2010-11-03
Product:Embedded Web Server HTTP1.0
Vendors: AirLive ARM-204, AirLive WT-2000ARM, D-Link DVA-G3170i/PT, Edimax
AR-7084ga, Huawei, Aolynk DR814Q, DrayTek Vigor2700 series, DrayTek Vigor2920
series, Thomson TG784, ZyXEL P-660RU-T1v3
Vulnerability Type: Password disclosure
Status: Not Fixed.
Risk level: Medium
Credit: Daniel Teixeira
Vulnerability Details:
Common consumer routers Web Management Interface, allows internet access
password disclosure simply by inspecting the DSL password <INPUT> field with
development tools such as Safari Web Inspector or Firebug.
Demo: http://vimeo.com/16480521