Netgear WNDAP350 Root Password Disclosure

2011-06-01T00:00:00
ID PACKETSTORM:101900
Type packetstorm
Reporter Juerd Waalboer
Modified 2011-06-01T00:00:00

Description

                                        
                                            `https://revspace.nl/RevelationSpace/NewsItem11x05x30x0  
  
Summary:  
  
* http://192.168.0.237/downloadFile.php reveals secrets  
* http://192.168.0.237/BackupConfig.php reveals secrets  
* Included in the exposed secrets: root password and WPA2 keys  
* The PHPs do not require authentication  
* Vulnerable versions: 2.0.1, 2.0.9 (latest)  
--   
Met vriendelijke groet, // Kind regards, // Korajn salutojn,  
  
Juerd Waalboer <juerd@tnx.nl>  
TNX  
  
`