Bugtraq mailing list archives
Common consumer routers password disclosure
From: danieljcrteixeira () gmail com
Date: Fri, 5 Nov 2010 02:59:13 -0600
Date: 2010-11-03 Product:Embedded Web Server HTTP1.0 Vendors: AirLive ARM-204, AirLive WT-2000ARM, D-Link DVA-G3170i/PT, Edimax AR-7084ga, Huawei, Aolynk DR814Q, DrayTek Vigor2700 series, DrayTek Vigor2920 series, Thomson TG784, ZyXEL P-660RU-T1v3 Vulnerability Type: Password disclosure Status: Not Fixed. Risk level: Medium Credit: Daniel Teixeira Vulnerability Details: Common consumer routers Web Management Interface, allows internet access password disclosure simply by inspecting the DSL password <INPUT> field with development tools such as Safari Web Inspector or Firebug. Demo: http://vimeo.com/16480521
Current thread:
- Common consumer routers password disclosure danieljcrteixeira (Nov 05)