packetstorm | Vuppala Dhanunjaya | PACKETSTORM:143861
Aug 20, 2017 - 12:00 a.m.

TP-Link TD-W8901G Default Credentials / Authentication Bypass

packetstormsecurity.com
`# Exploit Title: MULTIPLE VULNERABILITIES ON TP-LINK  
# Date: [10-08-2017]  
# Exploit Author: [v.Dhanunjaya]  
# Vendor Homepage: [http://www.tp-link.in/]  
# AFFECTED FIRMWARE : TD-W8901G  
# Tested on: [Windows 10,ubuntu 14.04 LTS]  
# Email : [email protected]  
# Support : CRYPTONIC_RAPTURES  
  
  
TARGET : http://XX.XXX.XXX.XXX:8080  
  
VULNERABILITIES FOUND: DEFAULT CREDENTIALS & AUTHENTICATION BYPASS  
  
1) Default Admin Credentials  
  
According to the TD-W8901G manual, the web interface ships with default  
credentials.  
  
Open a web browser (Google Chrome, Firefox, etc.), enter 192.168.1.1 in  
the address bar and press Enter. The default username and password are both  
"admin" (all in lower case).  
  
2) AUTHENTICATION BYPASS  
  
A dangerous vulnerability is present on many network devices that use the  
RomPager Embedded Web Server. An attacker is able to obtain the ISP password,  
wireless password and other sensitive information by issuing a single HTTP  
GET request to the "/rom-0" URI. This information disclosure is present in  
the RomPager Embedded Web Server. Affected devices include ZTE, TP-Link,  
ZynOS, Huawei and many others.  
  
-> Open the target address in your web browser: http://wwww.XXX.XXX.XXX.X:8080  
-> Now add /rom-0 to the target address. A rom-0 file will then be  
downloaded.  
-> Now upload the rom-0 file to the website http://www.routerpwn.com/zynos/  
for decompression. Once it is decoded you can get plain-text passwords.  
  
THANK YOU  
  
Regards,  
  
*V.DHANUNJAYA*  
*IT SECURITY AND CYBER FORENSICS ANALYST*  
  
`
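
Added example, not part of the original advisory: a defender-side check that scans HTTP access logs for requests to the /rom-0 URI described above and separates probes from responses that actually returned the file. The Common Log Format input (for example from a proxy or gateway in front of the device's management interface), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed input: Common Log Format, src - - [ts] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')

def normalized_path(target):
    """Reduce a request target to a comparable path."""
    if re.match(r'^[a-z][a-z0-9+.-]*://', target, re.I):
        target = urlsplit(target).path            # absolute-form target
    path = unquote(target.split('?', 1)[0].split('#', 1)[0])
    path = re.sub(r'/+', '/', path)               # "//rom-0" -> "/rom-0"
    # Lowercasing is conservative: it can only widen the match.
    return path.rstrip('/').lower() or '/'

def find_rom0_requests(lines):
    """Return (verdict, src, timestamp, status, size) for each /rom-0 request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalized_path(m['target']) != '/rom-0':
            continue
        status = int(m['status'])
        size = 0 if m['size'] == '-' else int(m['size'])
        # A 2xx reply with a body means the file left the device, so the
        # passwords stored in it should be treated as exposed and rotated.
        verdict = 'DISCLOSED' if 200 <= status < 300 and size > 0 else 'PROBE'
        findings.append((verdict, m['src'], m['ts'], status, size))
    return findings

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Aug/2017:10:01:02 +0000] "GET /rom-0 HTTP/1.1" 200 16384',
    '203.0.113.9 - - [20/Aug/2017:10:05:40 +0000] "GET /%72om-0?x=1 HTTP/1.0" 401 0',
    '203.0.113.9 - - [20/Aug/2017:10:05:41 +0000] "GET //ROM-0 HTTP/1.0" 403 -',
    '192.0.2.10 - - [20/Aug/2017:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [20/Aug/2017:10:06:05 +0000] "GET /rom-01 HTTP/1.1" 404 0',
]

if __name__ == '__main__':
    for finding in find_rom0_requests(SAMPLE_LOG):
        print(*finding)
```

A DISCLOSED verdict is the case to act on first: the credentials held in the downloaded configuration need to be changed, along with the default "admin" login if it is still in place.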