Vendor: WNR2000
By: milw0rm.com
CVSS: 8.8 (HIGH)
Unauthenticated Disclosure of WPA/WPA2 Password and Administrator Password
CWE: 200
Product Name: WNR2000
Affected Version From: 1.2.0.8
Affected Version To: 1.2.0.8
Patch Exists: YES
Related CWE: N/A
CPE: h:netgear:wnr2000
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009
Netgear WNR2000 Wireless Router Vulnerabilities
A vulnerability in the Netgear WNR2000 wireless router running firmware 1.2.0.8 allows an unauthenticated attacker to disclose the WPA/WPA2 password and the administrator password. Requests to http://netgear/router-info.htm and http://netgear/cgi-bin/router-info.htm return the WPA/WPA2 passphrase without any authentication. Additionally, by requesting http://netgear/cgi-bin/NETGEAR_WNR2000.cfg, the attacker can skip the first 128 bytes and gain access to the stored system. Reverse engineering the weak admin password authentication scheme is left as an exercise to the reader.
Mitigation:
Ensure that the router is running the latest version of firmware and that all authentication credentials are strong and secure.