Nmap Development mailing list archives
Re: [NSE] Identify RomPager rom-0 vulnerabilities
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 6 Jan 2016 15:00:32 -0600
Oops, neglected to put in my footnote. The issue I was referring to is #267, "Improve http-fingerprints.lua format and organization" https://github.com/nmap/nmap/issues/267

Also, the NSEdoc page for the script has been generated: https://nmap.org/nsedoc/scripts/http-vuln-cve2013-6786.html

Dan

On Wed, Jan 6, 2016 at 2:52 PM, Daniel Miller <bonsaiviking () gmail com> wrote:
Vlatko,

Thanks for these scripts! I converted the rom-0 script into a fingerprint in http-fingerprints.lua, and I hope we will be able to make improvements to that database and the http-enum script that will make vuln scanning easier [1].

The http-rompager-xss script I added as http-vuln-cve2013-6786, since that CVE has been assigned according to the reference you listed. It seems general enough of a check that I think it is likely to turn up "false" positives: other software or websites that are vulnerable to the same thing, though they may not be RomPager. I put a note to that effect in the description.

Thanks for the contributions again!

Dan

On Sun, Jul 5, 2015 at 9:40 AM, Vlatko Kosturjak <kost () linux hr> wrote:

Hello!

These NSE scripts identify simple but dangerous vulnerabilities present on many network devices which are using the RomPager Embedded Web Server. An attacker is able to get your ISP password, wireless password and other sensitive information by issuing a single HTTP GET request to the '/rom-0' URI. The mentioned information disclosure is present in the RomPager Embedded Web Server. Affected devices include ZTE, TP-Link, ZynOS, Huawei and many others.

The vulnerability was published in 2014 (by looking at the CVE), but I see a lot of people don't know about it: mainly because there was no hype about it and most of the popular vulnerability scanners failed to identify it. So, I hope this vulnerability will get better treatment after these NSE scripts.

NSE scripts are also available here: https://github.com/kost/nmap-nse/tree/master/scripts

You can read more about the vulnerability and exploitation here: https://k0st.wordpress.com/2015/07/05/identifying-and-exploiting-rom-0-vulnerabilities/

Take care,
-- Vlatko Kosturjak - KoSt

_______________________________________________
Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
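The check the thread describes (one GET to /rom-0, and a response that is a raw configuration blob rather than a web page) can be exercised offline. The block below is an added example written for this archive page; it is not the NSE script from kost/nmap-nse nor the http-fingerprints.lua entry Dan mentions. The decision rule in looks_like_rom0 is an assumption of this example: a 200 status, a non-empty body, no HTML markup, and a body that is mostly non-printable bytes. The FAKE_ROM0 payload and the _FakeRouter server are constructed stand-ins, not data from a real device, and the rom-0 contents are not decompressed here.

```python
"""Offline demonstration of a rom-0 exposure check (constructed example)."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ROM0_PATH = "/rom-0"

# Constructed sample body: a byte pattern that is clearly binary. It is a
# stand-in for a device configuration dump, not a real rom-0 file.
FAKE_ROM0 = bytes(range(0, 256)) * 4


def looks_like_rom0(status, content_type, body):
    """Heuristic classifier for a GET /rom-0 response.

    Assumed rules (this example's, not the NSE script's):
      - status must be 200; 401/403/404 mean the file is not served
      - body must be non-empty
      - text/html or an HTML/XML body is rejected, since many routers
        answer unknown paths with their login page
      - more than 10% of the bytes must be outside printable ASCII
    As with any generic probe, a device that serves some other binary
    file at /rom-0 will also be flagged, so treat a hit as a lead.
    """
    if status != 200 or not body:
        return False
    ctype = (content_type or "").lower()
    if "text/html" in ctype:
        return False
    head = body.lstrip()[:64].lower()
    if head.startswith((b"<!doctype", b"<html", b"<?xml")):
        return False
    nonprintable = sum(1 for b in body if b < 0x20 or b > 0x7E)
    return nonprintable / len(body) > 0.10


def probe_rom0(host, port, timeout=5):
    """Send a single GET /rom-0 and return (status, content_type, body)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", ROM0_PATH, headers={"User-Agent": "rom0-check"})
        resp = conn.getresponse()
        body = resp.read()
        return resp.status, resp.getheader("Content-Type"), body
    finally:
        conn.close()


def check_host(host, port):
    """True if the host appears to expose its configuration at /rom-0."""
    return looks_like_rom0(*probe_rom0(host, port))


class _FakeRouter(BaseHTTPRequestHandler):
    """Constructed test server: leaks /rom-0, serves a login page elsewhere."""

    def do_GET(self):
        if self.path == ROM0_PATH:
            payload, ctype = FAKE_ROM0, "application/octet-stream"
        else:
            payload = b"<html><body><form>login</form></body></html>"
            ctype = "text/html"
        self.send_response(200)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):  # keep the demo quiet
        pass


def run_fake_router():
    """Start the constructed router on 127.0.0.1; returns (server, port)."""
    srv = HTTPServer(("127.0.0.1", 0), _FakeRouter)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


if __name__ == "__main__":
    server, port = run_fake_router()
    try:
        print("rom-0 exposed:", check_host("127.0.0.1", port))
    finally:
        server.shutdown()
```

Run it against a real target by calling check_host with the device's address instead of the fake router. The classifier deliberately reports only "a binary blob is served at /rom-0", which is what the http-enum style fingerprint also tells you; confirming that the blob really holds credentials means decompressing it, which is the exploitation step described in the linked write-up and is out of scope for a scanner check.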
Current thread:
- Re: [NSE] Identify RomPager rom-0 vulnerabilities Daniel Miller (Jan 06)
- Re: [NSE] Identify RomPager rom-0 vulnerabilities Paulino Calderon (Jan 06)
- Re: [NSE] Identify RomPager rom-0 vulnerabilities Daniel Miller (Jan 06)