router firmwarecode
looking at router firmware
issue 1: there's an unauthenticated api that sends you the wifi passwords
issue 2: it's remotely accessible
issue 3: but don't worry because it's censored client-side, but the server sends you the full password so
issue 4: the code that censors the password looks like this https://computerfairi.es/media/bNX09DZuQrxc6dynZTY
OH MY GOD THERE'S AN UNAUTHENTICATED API TO SET THE *ADMIN PASSWORD*
I SENT A REQUEST TO IT TO SEE HOW IT WOULD BOUNCE BECAUSE I THOUGHT "oh hey they wouldn't do that i wonder how it errors" BUT NO
$.post("BelkinAPI/DBPasswordSet", {"RequestID":6969,'PassWd':"im gay"}, console.log, "json")
THIS JUST SETS THE PASSWORD
@boots Do you have to be inside the network for this to work, though?
@mdm noooope
@boots What port is it over? That should be closed to the outside by default, right?
@mdm it is, 8080
remote management is not on by default, but the router settings imply it's fine if you have an admin password set