Common consumer routers password disclosure Nov 05 2010 08:59AM
danieljcrteixeira gmail com
Date: 2010-11-03
Product:Embedded Web Server HTTP1.0
Vendors: AirLive ARM-204, AirLive WT-2000ARM, D-Link DVA-G3170i/PT, Edimax AR-7084ga, Huawei, Aolynk DR814Q, DrayTek Vigor2700 series, DrayTek Vigor2920 series, Thomson TG784, ZyXEL P-660RU-T1v3
Vulnerability Type: Password disclosure
Status: Not Fixed.
Risk level: Medium
Credit: Daniel Teixeira

Vulnerability Details:

Common consumer routers Web Management Interface, allows internet access password disclosure simply by inspecting the DSL password <INPUT> field with development tools such as Safari Web Inspector or Firebug.

Demo: http://vimeo.com/16480521

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus