router firmwarecode
looking at router firmware
issue 1: there's an unauthenticated api that sends you the wifi passwords
issue 2: its remotely accessable
issue 3: but dont worry because it's censored client-side, but the server sends you the full password so
issue 4: the code that censors the password looks like this https://computerfairi.es/media/bNX09DZuQrxc6dynZTY
router firmwarecode
OH MY GOD THERE'S AN UNAUTHENTICATED API TO SET THE *ADMIN PASSWORD*
I SENT A REQUEST TO IT TO SEE HOW IT WOULD BOUNCE BECAUSE I THOUGHT "oh hey they wouldnt do that i wonder how it errors" BUT NO
$.post("BelkinAPI/DBPasswordSet", {"RequestID":6969,'PassWd':"im gay"}, console.log, "json")
THIS JUST SETS THE PASSWORD
router firmwarecode
@boots Do you have to be inside the network for this to work, though?
router firmwarecode
@mdm noooope
router firmwarecode
@boots What port is it over? That should be closed to the outside by default, right.
router firmwarecode
@mdm honestly, oem router firmware is just
always bad
like, i dont know any oem firmware that isn't the worst
router firmwarecode
@boots Ah -- I knew I hated remote management for a reason. :P