Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Netis E1+ V1.2.32533 - WiFi Password Disclosure" module is designed to detect a vulnerability in the Netis E1+ V1.2.32533 software. This vulnerability allows remote unauthenticated users to disclose the WiFi password of the targeted device. The module is classified as a high-severity vulnerability.
If exploited, this vulnerability can lead to unauthorized access to the WiFi network, potentially compromising the security and privacy of the connected devices. Attackers can gain access to sensitive information transmitted over the network and even launch further attacks on the compromised devices.
The module works by sending an HTTP request to the targeted device. It checks for specific conditions in the response to determine if the vulnerability is present. The request template used by the module is as follows:
GET //netcore_get.cgi HTTP/1.1
Host: {%Hostname%}
Cookie: homeFirstShow=yes
The module then applies matching conditions to the response to confirm the presence of the vulnerability. It checks for a response status code of 200 and looks for specific keywords in the response body, such as "rp_ap_password" and "rp_ap_ssid". If these conditions are met, the module identifies the vulnerability.
It is important to address this vulnerability promptly to prevent unauthorized access to the WiFi network and protect the connected devices from potential security risks.