Rapid7 Vulnerability & Exploit Database

Netgear Unauthenticated SOAP Password Extractor



This module exploits an authentication bypass vulnerability in various Netgear devices. The bypass allows the password for the remote management interface to be extracted. This module has been tested on a Netgear WNDR3700v4 - V1.0.1.42, but other devices are reported as vulnerable:

  • NetGear WNDR3700v4 - V1.0.0.4SH
  • NetGear WNDR3700v4 - V1.0.1.52
  • NetGear WNR2200 - V1.0.1.88
  • NetGear WNR2500 - V1.0.0.24
  • NetGear WNDR3700v2 - V1.0.1.14 (Tested by Paula Thomas)
  • NetGear WNDR3700v1 - V1.0.16.98 (Tested by Michal Bartoszkiewicz)
  • NetGear WNDR3700v1 - V1.0.7.98 (Tested by Michal Bartoszkiewicz)
  • NetGear WNDR4300 - V1.0.1.60 (Tested by Ronny Lindner)
  • NetGear R6300v2 - V1.0.3.8 (Tested by Robert Mueller)
  • NetGear WNDR3300 - V1.0.45 (Tested by Robert Mueller)
  • NetGear WNDR3800 - V1.0.0.48 (Tested by an Anonymous contributor)
  • NetGear WNR1000v2 - V1.0.1.1 (Tested by Jimi Sebree)
  • NetGear WNR1000v2 - V1.1.2.58 (Tested by Chris Boulton)
  • NetGear WNR2000v3 - v1.1.2.10 (Tested by h00die)


  • Peter Adkins <peter.adkins@kernelpicnic.net>
  • Michael Messner <devnull@s3cur1ty.de>
  • h00die <mike@shorebreaksecurity.com>


Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/admin/http/netgear_soap_password_extractor
msf auxiliary(netgear_soap_password_extractor) > show actions
msf auxiliary(netgear_soap_password_extractor) > set ACTION < action-name >
msf auxiliary(netgear_soap_password_extractor) > show options
    ...show and set options...
msf auxiliary(netgear_soap_password_extractor) > run 
