Netgear Unauthenticated SOAP Password Extractor

Disclosed
2015-02-11
Created
2018-05-30

Description

This module exploits an authentication bypass vulnerability in various Netgear devices.
The bypass allows extraction of the password for the remote management interface. This module has been
tested on a Netgear WNDR3700v4 - V1.0.1.42, but other devices are reported as vulnerable:
NetGear WNDR3700v4 - V1.0.0.4SH, NetGear WNDR3700v4 - V1.0.1.52, NetGear WNR2200 - V1.0.1.88,
NetGear WNR2500 - V1.0.0.24, NetGear WNDR3700v2 - V1.0.1.14 (Tested by Paula Thomas),
NetGear WNDR3700v1 - V1.0.16.98 (Tested by Michal Bartoszkiewicz),
NetGear WNDR3700v1 - V1.0.7.98 (Tested by Michal Bartoszkiewicz),
NetGear WNDR4300 - V1.0.1.60 (Tested by Ronny Lindner),
NetGear R6300v2 - V1.0.3.8 (Tested by Robert Mueller),
NetGear WNDR3300 - V1.0.45 (Tested by Robert Mueller),
NetGear WNDR3800 - V1.0.0.48 (Tested by an Anonymous contributor),
NetGear WNR1000v2 - V1.0.1.1 (Tested by Jimi Sebree),
NetGear WNR1000v2 - V1.1.2.58 (Tested by Chris Boulton),
NetGear WNR2000v3 - v1.1.2.10 (Tested by h00die)

Authors

Peter Adkins peter.adkins@kernelpicnic.net
Michael Messner devnull@s3cur1ty.de
h00die mike@shorebreaksecurity.com

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use auxiliary/admin/http/netgear_soap_password_extractor
msf auxiliary(netgear_soap_password_extractor) > show actions
...actions...
msf auxiliary(netgear_soap_password_extractor) > set ACTION <action-name>
msf auxiliary(netgear_soap_password_extractor) > show options
...show and set options...
msf auxiliary(netgear_soap_password_extractor) > run
