[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Netgear WNDAP350 root password leak

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Netgear WNDAP350 root password leak
From: Juerd Waalboer <juerd@xxxxxx>
Date: Wed, 1 Jun 2011 17:28:03 +0200

https://revspace.nl/RevelationSpace/NewsItem11x05x30x0

Summary:

    * http://192.168.0.237/downloadFile.php reveals secrets
    * http://192.168.0.237/BackupConfig.php reveals secrets
    * Included in the exposed secrets: root password and WPA2 keys
    * The PHPs do not require authentication
    * Vulnerable versions: 2.0.1, 2.0.9 (latest)
-- 
Met vriendelijke groet, // Kind regards, // Korajn salutojn,

Juerd Waalboer  <juerd@xxxxxx>
TNX

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [ MDVSA-2011:105 ] wireshark
Next by Date: [Full-disclosure] Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar
Previous by thread: [Full-disclosure] [ MDVSA-2011:105 ] wireshark
Next by thread: [Full-disclosure] Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar
Index(es):
- Date
- Thread