what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from thecarterb

NETGEAR Administrator Password Disclosure

Posted Aug 31, 2024

Authored by Simon Kenin, thecarterb | Site metasploit.com

This Metasploit module will collect the password for the admin user. The exploit will not complete if password recovery is set on the router. The password is received by passing the token generated from unauth.cgi to passwordrecovered.cgi. This exploit works on many different NETGEAR products. The full list of affected products is available in the References section.

tags | exploit, cgi

advisories | CVE-2017-5521

SHA-256 | aa53592f4c2de5f7742c7914a0b26fa42e6e62f00e84c3a8ce2e442d825edf56

Download | Favorite | View

Netgear DGN2200 dnslookup.cgi Command Injection

Posted Jun 24, 2017

Authored by SivertPL, thecarterb | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in NETGEAR DGN2200v1/v2/v3/v4 routers by sending a specially crafted post request with valid login details.

tags | exploit

advisories | CVE-2017-6334

SHA-256 | 1fec4e5211012852df5a0c5522fb686d79ac9dee14476e919180c9eb884159d8

Download | Favorite | View

Netgear R7000 / R6400 cgi-bin Command Injection

Posted Mar 12, 2017

Authored by Acew0rm, thecarterb | Site metasploit.com

This Metasploit module exploits an arbitrary command injection vulnerability in Netgear R7000 and R6400 router firmware version 1.0.7.2_1.1.93 and possibly earlier.

tags | exploit, arbitrary

advisories | CVE-2016-6277

SHA-256 | ae5f2b77fafd424ea3910ea75b0ae247dd68b625fdc6ab653347ced2ebc95424

Download | Favorite | View