router firmwarecode 

looking at router firmware
issue 1: there's an unauthenticated api that sends you the wifi passwords
issue 2: its remotely accessable
issue 3: but dont worry because it's censored client-side, but the server sends you the full password so
issue 4: the code that censors the password looks like this computerfairi.es/media/bNX09DZ

router firmwarecode 

OH MY GOD THERE'S AN UNAUTHENTICATED API TO SET THE *ADMIN PASSWORD*
I SENT A REQUEST TO IT TO SEE HOW IT WOULD BOUNCE BECAUSE I THOUGHT "oh hey they wouldnt do that i wonder how it errors" BUT NO

$.post("BelkinAPI/DBPasswordSet", {"RequestID":6969,'PassWd':"im gay"}, console.log, "json")

THIS JUST SETS THE PASSWORD

router firmwarecode 

@boots Do you have to be inside the network for this to work, though?

router firmwarecode 

@boots What port is it over? That should be closed to the outside by default, right.

Follow

router firmwarecode 

@mdm it is, 8080
remote management is not on by default, but the router settings imply it's fine if you have an admin password set

router firmwarecode 

@boots Ah -- I knew I hated remote management for a reason. :P

router firmwarecode 

@mdm honestly, oem router firmware is just
always bad
like, i dont know any oem firmware that isn't the worst

Sign in to participate in the conversation
Computer Fairies

Computer Fairies is a Mastodon instance that aims to be as queer, friendly and furry as possible. We welcome all kinds of computer fairies!