router firmwarecode 

looking at router firmware
issue 1: there's an unauthenticated api that sends you the wifi passwords
issue 2: its remotely accessable
issue 3: but dont worry because it's censored client-side, but the server sends you the full password so
issue 4: the code that censors the password looks like this computerfairi.es/media/bNX09DZ

router firmwarecode 

OH MY GOD THERE'S AN UNAUTHENTICATED API TO SET THE *ADMIN PASSWORD*
I SENT A REQUEST TO IT TO SEE HOW IT WOULD BOUNCE BECAUSE I THOUGHT "oh hey they wouldnt do that i wonder how it errors" BUT NO

$.post("BelkinAPI/DBPasswordSet", {"RequestID":6969,'PassWd':"im gay"}, console.log, "json")

THIS JUST SETS THE PASSWORD

router firmwarecode 

@boots

Is there an API method to turn on remote management, too?

Because if so, you might want to get in touch with people who can make sure critical level cert advisories get published...

Follow

router firmwarecode 

@ghedipunk well, not if you're outside the network, because youd have to be able to access it to do it

router firmwarecode 

@boots

*I* don't have to be inside of your network to get your browser to execute arbitrary Javascript to send POST requests to your router.

I don't even have to get you to visit my site; I just put the code in an ad, and let the ad networks pwn the Belkin owners for me.

router firmwarecode 

@ghedipunk well, i dont know if it has anti-csrf, but...

Sign in to participate in the conversation
Computer Fairies

Computer Fairies is a Mastodon instance that aims to be as queer, friendly and furry as possible. We welcome all kinds of computer fairies!