Nmap Development mailing list archives
Re: [NSE] Identify RomPager rom-0 vulnerabilities
From: Paulino Calderon <paulino () calderonpale com>
Date: Wed, 6 Jan 2016 15:56:12 -0500
Oh, that’s a great addition to http-enum. I just published some stats about wifi networks in México [1] and the most popular vendor is Huawei. Tons of vulnerable devices over here.

[1] http://www.websec.mx/blog/ver/infografia-seguridad-wifi-mexico-2015

Cheers.
On Jan 6, 2016, at 3:52 PM, Daniel Miller <bonsaiviking () gmail com> wrote:

Vlatko,

Thanks for these scripts! I converted the rom-0 script into a fingerprint in http-fingerprints.lua, and I hope we will be able to make improvements to that database and the http-enum script that will make vuln scanning easier [1]. The http-rompager-xss script I added as http-vuln-cve2013-6786, since that CVE has been assigned according to the reference you listed. It seems general enough of a check that I think it is likely to turn up "false" positives: other software or websites that are vulnerable to the same thing, though they may not be RomPager. I put a note to that effect in the description.

Thanks for the contributions again!

Dan

On Sun, Jul 5, 2015 at 9:40 AM, Vlatko Kosturjak <kost () linux hr> wrote:

Hello!

These NSE scripts identify simple but dangerous vulnerabilities present on many network devices which are using the RomPager Embedded Web Server. An attacker is able to get your ISP password, wireless password and other sensitive information by issuing a single HTTP GET request to the '/rom-0' URI. The mentioned information disclosure is present in the RomPager Embedded Web Server. Affected devices include ZTE, TP-Link, ZynOS, Huawei and many others. The vulnerability was published in 2014 (by looking at the CVE), but I see a lot of people don’t know about it: mainly because there was no hype about it and most of the popular vulnerability scanners failed in identifying it. So, I hope this vulnerability will get better treatment after these NSE scripts.

NSE scripts are also available here: https://github.com/kost/nmap-nse/tree/master/scripts

You can read more about the vulnerability and exploitation here: https://k0st.wordpress.com/2015/07/05/identifying-and-exploiting-rom-0-vulnerabilities/

Take care,
--
Vlatko Kosturjak - KoSt

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
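An added defender-side example, written for this archive page and not taken from the thread or from the Nmap scripts: detection logic that flags requests for the rom-0 path in a Common Log Format access log (web server or proxy in front of the device), separating refused attempts from responses that actually served the file. The log lines are constructed for the demonstration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jan/2016:15:40:01 -0500] "GET /rom-0 HTTP/1.1" 200 16384
203.0.113.7 - - [06/Jan/2016:15:40:02 -0500] "GET /%72om-0?x=1 HTTP/1.1" 200 16384
198.51.100.9 - - [06/Jan/2016:15:41:10 -0500] "GET //ROM-0 HTTP/1.0" 404 312
192.0.2.5 - - [06/Jan/2016:15:42:00 -0500] "GET /index.html HTTP/1.1" 200 2048
192.0.2.5 - - [06/Jan/2016:15:42:03 -0500] "POST /rom-0 HTTP/1.1" 405 0
"""

CLF_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

def normalise_path(target):
    """Canonicalise the request target so trivial variations (query string,
    percent-encoding, doubled slashes, letter case) still match /rom-0."""
    path = target.split('?', 1)[0]
    path = unquote(path)
    path = re.sub(r'/+', '/', path)
    return path.lower()

def classify_line(line):
    """Return a finding for a rom-0 request, or None for any other line."""
    m = CLF_RE.match(line.strip())
    if not m or normalise_path(m['target']) != '/rom-0':
        return None
    status = int(m['status'])
    size = 0 if m['size'] == '-' else int(m['size'])
    # A 2xx with a non-empty body means the device actually served the
    # configuration file; anything else was refused or not found.
    leaked = 200 <= status < 300 and size > 0
    return {
        'src': m['src'], 'time': m['ts'], 'method': m['method'],
        'status': status, 'bytes': size,
        'severity': 'disclosure' if leaked else 'attempt',
    }

def scan_log(text):
    """Run the classifier over every line and keep only rom-0 findings."""
    return [f for f in map(classify_line, text.splitlines()) if f]

if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['severity']:10} {f['src']:14} {f['method']} {f['status']} {f['bytes']}B")
```

A "disclosure" finding means the configuration file was handed out and the device's credentials should be treated as exposed; an "attempt" still shows who is probing for the bug.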