NETGEAR Routers - Serial Number Disclosure

By kannthu

Medium
Vidoc Module
#edb #netgear #exposure #iot #router
Description

Author: geeknik
Classification
CWE-ID: CWE-200
CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS-Score: 5.3

Multiple NETGEAR router models disclose their serial number, which can be used to obtain the admin password if password recovery is enabled.

Reference - https://www.exploit-db.com/exploits/47117
Metadata max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /rootDesc.xml
Matching conditions
status: 200, 501 and
word: <serialNumber>, <deviceType>, <modelNumb... and
word: text/xml
Passive global matcher
No matching conditions.
On match action
Report vulnerability