Home page logo

bugtraq logo Bugtraq mailing list archives

Common consumer routers password disclosure
From: danieljcrteixeira () gmail com
Date: Fri, 5 Nov 2010 02:59:13 -0600

Date: 2010-11-03
Product:Embedded Web Server HTTP1.0
Vendors: AirLive ARM-204, AirLive WT-2000ARM, D-Link DVA-G3170i/PT, Edimax AR-7084ga, Huawei, Aolynk DR814Q, DrayTek 
Vigor2700 series, DrayTek Vigor2920 series, Thomson TG784, ZyXEL P-660RU-T1v3
Vulnerability Type: Password disclosure
Status: Not Fixed.
Risk level: Medium 
Credit: Daniel Teixeira

Vulnerability Details:

Common consumer routers Web Management Interface, allows internet access password disclosure simply by inspecting the 
DSL password <INPUT> field with development tools such as Safari Web Inspector or Firebug.

Demo: http://vimeo.com/16480521

  By Date           By Thread  

Current thread:
  • Common consumer routers password disclosure danieljcrteixeira (Nov 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]