Full Disclosure mailing list archives

Netgear WNDAP350 root password leak

From: Juerd Waalboer <juerd () tnx nl>
Date: Wed, 1 Jun 2011 17:28:03 +0200

https://revspace.nl/RevelationSpace/NewsItem11x05x30x0

Summary:

    * http://192.168.0.237/downloadFile.php reveals secrets
    * http://192.168.0.237/BackupConfig.php reveals secrets
    * Included in the exposed secrets: root password and WPA2 keys
    * The PHPs do not require authentication
    * Vulnerable versions: 2.0.1, 2.0.9 (latest)
-- 
Met vriendelijke groet, // Kind regards, // Korajn salutojn,

Juerd Waalboer  <juerd () tnx nl>
TNX

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Netgear WNDAP350 root password leak Juerd Waalboer (Jun 01)