Categories: exploit, vuln, intrusive
A vulnerability has been discovered in WNR 1000 series that allows an attacker to retrieve administrator credentials with the router interface. Tested On Firmware Version(s): V220.127.116.11_60.0.86 (Latest) and V18.104.22.168_60.0.82NA
Vulnerability discovered by c1ph04.
http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent: See the documentation for the http library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername: See the documentation for the smbauth library.
vulns.showall: See the documentation for the vulns library.
unittest.run: See the documentation for the unittest library.
nmap -sV --script http-vuln-wnr1000-creds <target> -p80
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-vuln-wnr1000-creds:
|   VULNERABLE:
|   Netgear WNR1000v3 Credential Harvesting Exploit
|     State: VULNERABLE (Exploitable)
|     IDs:  None, 0-day
|     Description:
|       A vulnerability has been discovered in WNR 1000 series that allows an attacker
|       to retrieve administrator credentials with the router interface.
|       Tested On Firmware Version(s): V22.214.171.124_60.0.86 (Latest) and V126.96.36.199_60.0.82NA
|     Disclosure date: 26-01-2014
|     References:
|_      http://packetstormsecurity.com/files/download/124759/netgearpasswd-disclose.zip
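When the script is run across an inventory of routers, the report block it prints can be parsed to list which devices need attention. The following Python is an added example, not part of the Nmap script or its documentation; the scan text and the 192.0.2.x hosts are constructed, and the second host's NOT VULNERABLE block assumes the scan was run with vulns.showall.

```python
import re
SCRIPT_ID = "http-vuln-wnr1000-creds"
FIELDS = {"State": "state", "Disclosure date": "disclosed"}
# Constructed sample of Nmap normal output; hosts are documentation addresses.
SAMPLE = """\
Nmap scan report for 192.0.2.10
80/tcp open  http    syn-ack
| http-vuln-wnr1000-creds:
|   VULNERABLE:
|   Netgear WNR1000v3 Credential Harvesting Exploit
|     State: VULNERABLE (Exploitable)
|     Disclosure date: 26-01-2014
|     References:
|_      http://packetstormsecurity.com/files/download/124759/netgearpasswd-disclose.zip

Nmap scan report for 192.0.2.11
80/tcp open  http    syn-ack
| http-vuln-wnr1000-creds:
|   NOT VULNERABLE:
|   Netgear WNR1000v3 Credential Harvesting Exploit
|_    State: NOT VULNERABLE
"""

def parse_findings(text, script_id=SCRIPT_ID):
    """Return one dict per report block of script_id found in the scan text."""
    findings, host, port, cur = [], None, None, None
    for line in text.splitlines():
        if m := re.match(r"Nmap scan report for (\S+)", line):
            host, cur = m.group(1), None
        elif m := re.match(r"(\d+/(?:tcp|udp))\s+\S+", line):
            port, cur = m.group(1), None
        elif not line.startswith("|"):
            cur = None                   # blank line or table text ends a block
        elif m := re.match(r"\|[ _](\S[^:]*):", line):
            cur = None                   # any script header starts a new block
            if m.group(1) == script_id:
                cur = dict(host=host, port=port, state=None, disclosed=None, references=[])
                findings.append(cur)
        elif cur is not None:
            body = line[2:].strip()      # drop the "| " or "|_" gutter
            key, _, val = body.partition(":")
            if key in FIELDS:
                cur[FIELDS[key]] = val.strip()
            elif body.startswith(("http://", "https://")):
                cur["references"].append(body)
    return findings

def vulnerable_hosts(findings):
    """Hosts to prioritise; 'NOT VULNERABLE' does not start with 'VULNERABLE'."""
    return [(f["host"], f["port"]) for f in findings if (f["state"] or "").startswith("VULNERABLE")]
```
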
Author: Paul AMAR <email@example.com>, Rob Nicholls
License: Same as Nmap--See http://nmap.org/book/man-legal.html