Netis E1+ V1.2.32533 - WiFi Password Disclosure

What is the "Netis E1+ V1.2.32533 - WiFi Password Disclosure" module?

The "Netis E1+ V1.2.32533 - WiFi Password Disclosure" module is designed to detect a vulnerability in the Netis E1+ V1.2.32533 software. This vulnerability allows remote unauthenticated users to disclose the WiFi password of the targeted device. The module is classified as a high-severity vulnerability.

Impact

If exploited, this vulnerability can lead to unauthorized access to the WiFi network, potentially compromising the security and privacy of the connected devices. Attackers can gain access to sensitive information transmitted over the network and even launch further attacks on the compromised devices.

How does the module work?

The module works by sending an HTTP request to the targeted device. It checks for specific conditions in the response to determine if the vulnerability is present. The request template used by the module is as follows:

GET //netcore_get.cgi HTTP/1.1
Host: {%Hostname%}
Cookie: homeFirstShow=yes

The module then applies matching conditions to the response to confirm the presence of the vulnerability. It checks for a response status code of 200 and looks for specific keywords in the response body, such as "rp_ap_password" and "rp_ap_ssid". If these conditions are met, the module identifies the vulnerability.

It is important to address this vulnerability promptly to prevent unauthorized access to the WiFi network and protect the connected devices from potential security risks.