darkarnium / secpub
Published security vulnerabilities, research, and associated information.
Require: restclient - outdated
replace with restup
Whilst running the PoC against my vulnerable WNDR3700v4 and WNR1000v2 routers, I noticed that the Admin Password reported wasn't always correct. My password happens to include an "&" ampersand character so I wonder if that is the issue?
For example setting the WNDR3700v4 admin password to "qwerty&123" the PoC code reports just "qwerty123". Or setting the admin password to "abcd&DEFG" the PoC reports just "abcd".
Regards,
Chris
Ran PoC against a device I had lying around and it listed admin password, ssid, wpa key, model number, serial number, firmware version, and attached devices.
Model Number: WNR1000v2
Firmware: V1.0.1.1
Regards,
Jimi Sebree
My NetGear WNDR3300 running Firmware V1.0.45 is vulnerable similar to my R6300 (#3) on the UPnP port (5000) using the path http://ROUTER-IP-ADDR:5000/soap/server_sa/.
I had UPnP enabled on my WNDR3300 and after turning it off it was no longer vulnerable as port 5000 was closed.
I never had UPnP enabled on my R6300 and even after enabling and disabling UPnP, port 5000 is still open and the router vulnerable.
Regards,
Robert Müller
Sending a POST request with the header SOAPAction: urn:NETGEAR-ROUTER:service:LANConfigSecurity:1#GetInfo (using the Firefox HttpRequester add-on) to http://ROUTER-IP-ADDR:5000/soap/server_sa/ resulted in the server returning my device's password in cleartext.
My Router is a NetGear R6300v2 running Firmware V1.0.3.8_1.0.60.
Regards,
Robert Müller
Hi,
Just tested this on WNR2200 and it is working, default run - no special parameters.
[*] Model Number: wnr2200
[*] Firmware Version: V1.0.1.76
Best regards.
Hi,
I own the router in the title, and I just tried the new metasploit module, and I was successful at pulling the credentials with this exploit.
It's vulnerable on port 80.
P.S. If you wish to give attribution (not necessary), my full name is Shelby Spencer
Hi Darkarnium
I was wondering if you could provide me some usage instructions for SOAPWNDR?
Thanks
Hello, I ran SOAPWNDR.rb against a Netgear DGND3700 v.1 N600 Wireless Dual Band Gigabit ADSL2+ Modem Router and the output was:
[!] Attempting to extract information from http://192.168.0.1:80/
[!] Failed to query remote host.
Hi!
As I did not find an option to send you an email I'll do it this way...
I have a WNDR4300 and your script printed the correct WPA name/key, admin password, serial number and firmware version (1.0.1.60, latest).
I wrote to the Netgear support with a link to this repository, maybe it works when many people open a ticket?
Thanks for finding this!
Ronny Lindner
Which Restclient are you using?
`require': cannot load such file -- restclient (LoadError)
gem install restclient doesn't help