netgear DG934G - vulnerable

Question

netgear DG934G - vulnerable

jmgunn87 opened this issue 11 years ago · comments

James Marshall-Gunn commented 11 years ago

below is the poc script output

probably not vulnerable (error: timed out)

although with telnet you get this

telnet 192.168.0.1 32764
Trying 192.168.0.1...
Connected to www.routerlogin.com.
Escape character is '^]'.

MMcS��Connection closed by foreign host.

I have been playing around with this in node here is a script, all commands are available to me (1-13)
https://gist.github.com/jmgunn87/8573239

Eloi Benoist-Vanderbeken · Answer 1 · Thu Jan 23 2014 17:07:58 GMT+0800 (China Standard Time)

Did you try to increase the timeout parameter?
The default is 1 second, it might cause some problems.

James Marshall-Gunn · Answer 2 · Fri Jan 24 2014 00:40:59 GMT+0800 (China Standard Time)

it was very late last night when I did this, I ran the script against the wrong ip address(the default is 192.168.1.1 mine is 0.1)! The script does indeed tell me I am vulnerable! Thanks for finding this exploit and sharing it, great work.

Eloi Benoist-Vanderbeken · Answer 3 · Fri Jan 24 2014 05:11:59 GMT+0800 (China Standard Time)

thank you ;)