File http-vuln-wnr1000-creds

Script types: portrule
Categories: exploit, vuln, intrusive
Download: http://nmap.org/svn/scripts/http-vuln-wnr1000-creds.nse

User Summary

A vulnerability has been discovered in the Netgear WNR1000 series that allows an attacker to retrieve administrator credentials through the router interface. Tested on firmware version(s): V1.0.2.60_60.0.86 (Latest) and V1.0.2.54_60.0.82NA.

Vulnerability discovered by c1ph04.

Script Arguments

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

vulns.showall

See the documentation for the vulns library.

unittest.run

See the documentation for the unittest library.

Example Usage

nmap -sV --script http-vuln-wnr1000-creds <target> -p80

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-vuln-wnr1000-creds: 
|   VULNERABLE:
|   Netgear WNR1000v3 Credential Harvesting Exploit
|     State: VULNERABLE (Exploitable)
|     IDs:  None, 0-day
|     Description:
|       A vulnerability has been discovered in WNR 1000 series that allows an attacker 
|       to retrieve administrator credentials with the router interface. 
|       Tested On Firmware Version(s): V1.0.2.60_60.0.86 (Latest) and V1.0.2.54_60.0.82NA
|     Disclosure date: 26-01-2014
|     References:
|_      http://packetstormsecurity.com/files/download/124759/netgearpasswd-disclose.zip

Requires


Author: Paul AMAR <aos.paul@gmail.com>, Rob Nicholls

License: Same as Nmap--See http://nmap.org/book/man-legal.html
