Nmap Development mailing list archives
[NSE] Identify RomPager rom-0 vulnerabilities
From: Vlatko Kosturjak <kost () linux hr>
Date: Sun, 5 Jul 2015 16:40:28 +0200
Hello!

These NSE scripts identify simple but dangerous vulnerabilities present on many network devices that use the RomPager Embedded Web Server. An attacker is able to get your ISP password, wireless password and other sensitive information by issuing a single HTTP GET request to the '/rom-0' URI. The mentioned information disclosure is present in the RomPager Embedded Web Server. Affected devices include ZTE, TP-Link, ZynOS, Huawei and many others.

The vulnerability was published in 2014 (judging by the CVE), but I see a lot of people don't know about it: mainly because there was no hype about it and most of the popular vulnerability scanners failed to identify it. So, I hope this vulnerability will get better treatment after these NSE scripts.

The NSE scripts are also available here: https://github.com/kost/nmap-nse/tree/master/scripts

You can read more about the vulnerability and its exploitation here: https://k0st.wordpress.com/2015/07/05/identifying-and-exploiting-rom-0-vulnerabilities/

Take care,
-- 
Vlatko Kosturjak - KoSt
Attachment: http-rompager-rom0.nse
Attachment: http-rompager-xss.nse
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
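A defender-side check, added here as an example and not part of the original post or of the NSE scripts it announces: it scans web access-log lines for requests to the '/rom-0' URI described above (after percent-decoding, so encoded variants are not missed) and flags successful non-empty responses as likely disclosures. The common log format and the sample entries are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Jul/2015:16:40:28 +0200] "GET /index.html HTTP/1.1" 200 1024
192.0.2.11 - - [05/Jul/2015:16:41:02 +0200] "GET /rom-0 HTTP/1.1" 200 16384
192.0.2.12 - - [05/Jul/2015:16:41:15 +0200] "GET /%72om-0 HTTP/1.0" 200 16384
192.0.2.13 - - [05/Jul/2015:16:42:00 +0200] "GET /rom-0 HTTP/1.1" 404 162
"""

# Common log format: client, ident, user, [timestamp], "METHOD URI PROTO", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["size"] = 0 if entry["size"] == "-" else int(entry["size"])
    return entry


def is_rom0_request(entry):
    """True if the requested path is /rom-0, ignoring percent-encoding, case and query strings."""
    path = unquote(entry["uri"]).split("?", 1)[0].lower()
    return path == "/rom-0"


def find_rom0_requests(log_text):
    """Return every /rom-0 request; a 200 with a non-empty body is marked as a likely disclosure."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_rom0_request(entry):
            entry["likely_disclosure"] = entry["status"] == 200 and entry["size"] > 0
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in find_rom0_requests(SAMPLE_LOG):
        print(hit["ip"], hit["uri"], hit["status"], "DISCLOSURE" if hit["likely_disclosure"] else "blocked")
```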