Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

NETGEAR Routers - Serial Number Disclosure

By kannthu

Vidoc logoVidoc Module
Author: geeknik Classification CWE-ID: CWE-200 CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS-Score: 5.3 Multiple NETGEAR router models disclose their serial number which can be used to obtain the admin password if password recovery is enabled. Reference - Metadata max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
status: 200, 501and
word: <serialNumber>, <deviceType>, <modelNumb...and
word: text/xml
Passive global matcher
No matching conditions.
On match action
Report vulnerability