|
1 | 1 | ## Vulnerable devices |
2 | 2 |
|
3 | | -Following is list of devices and firmware versions with known values used for exploitation |
4 | | -0. Azmoon AZ-D140W - 2.11.89.0(RE2.C29)3.11.11.52_PMOFF.1 |
5 | | -1. Billion BiPAC 5102S - Av2.7.0.23 (UE0.B1C) |
6 | | -2. Billion BiPAC 5102S - Bv2.7.0.23 (UE0.B1C) |
7 | | -3. Billion BiPAC 5200 - 2.11.84.0(UE2.C2)3.11.11.6 |
8 | | -4. Billion BiPAC 5200 - 2_11_62_2_ UE0.C2D_3_10_16_0 |
9 | | -5. Billion BiPAC 5200A - 2_10_5 _0(RE0.C2)3_6_0_0 |
10 | | -6. Billion BiPAC 5200A - 2_11_38_0 (RE0.C29)3_10_5_0 |
11 | | -7. Billion BiPAC 5200GR4 - 2.11.91.0(RE2.C29)3.11.11.52 |
12 | | -8. Billion BiPAC 5200SRD - 2.10.5.0 (UE0.C2C) 3.6.0.0 |
13 | | -9. Billion BiPAC 5200SRD - 2.12.17.0_UE2.C3_3.12.17.0 |
14 | | -10. Billion BiPAC 5200SRD - 2_11_62_2(UE0.C3D)3_11_11_22 |
15 | | -11. D-Link DSL-2520U - Z1 1.08 DSL-2520U_RT63261_Middle_East_ADSL |
16 | | -12. D-Link DSL-2600U - Z1_DSL-2600U |
17 | | -13. D-Link DSL-2600U - Z2_V1.08_ras |
18 | | -14. TP-Link TD-8616 - V2_080513 |
19 | | -15. TP-Link TD-8816 - V4_100528_Russia |
20 | | -16. TP-Link TD-8816 - V4_100524 |
21 | | -17. TP-Link TD-8816 - V5_100528_Russia |
22 | | -18. TP-Link TD-8816 - V5_100524 |
23 | | -19. TP-Link TD-8816 - V5_100903 |
24 | | -20. TP-Link TD-8816 - V6_100907 |
25 | | -21. TP-Link TD-8816 - V7_111103 |
26 | | -22. TP-Link TD-8816 - V7_130204 |
27 | | -23. TP-Link TD-8817 - V5_100524 |
28 | | -24. TP-Link TD-8817 - V5_100702_TR |
29 | | -25. TP-Link TD-8817 - V5_100903 |
30 | | -26. TP-Link TD-8817 - V6_100907 |
31 | | -27. TP-Link TD-8817 - V6_101221 |
32 | | -28. TP-Link TD-8817 - V7_110826 |
33 | | -29. TP-Link TD-8817 - V7_130217 |
34 | | -30. TP-Link TD-8817 - V7_120509 |
35 | | -31. TP-Link TD-8817 - V8_140311 |
36 | | -32. TP-Link TD-8820 - V3_091223 |
37 | | -33. TP-Link TD-8840T - V1_080520 |
38 | | -34. TP-Link TD-8840T - V2_100525 |
39 | | -35. TP-Link TD-8840T - V2_100702_TR |
40 | | -36. TP-Link TD-8840T - V2_090609 |
41 | | -37. TP-Link TD-8840T - V3_101208 |
42 | | -38. TP-Link TD-8840T - V3_110221 |
43 | | -39. TP-Link TD-8840T - V3_120531 |
44 | | -40. TP-Link TD-W8101G - V1_090107 |
45 | | -41. TP-Link TD-W8101G - V1_090107 |
46 | | -42. TP-Link TD-W8101G - V2_100819 |
47 | | -43. TP-Link TD-W8101G - V2_101015_TR |
48 | | -44. TP-Link TD-W8101G - V2_101101 |
49 | | -45. TP-Link TD-W8101G - V3_110119 |
50 | | -46. TP-Link TD-W8101G - V3_120213 |
51 | | -47. TP-Link TD-W8101G - V3_120604 |
52 | | -48. TP-Link TD-W8151N - V3_120530 |
53 | | -49. TP-Link TD-W8901G - V1_080522 |
54 | | -50. TP-Link TD-W8901G - V1,2_080522 |
55 | | -51. TP-Link TD-W8901G - V2_090113_Turkish |
56 | | -52. TP-Link TD-W8901G - V3_140512 |
57 | | -53. TP-Link TD-W8901G - V3_100603 |
58 | | -54. TP-Link TD-W8901G - V3_100702_TR |
59 | | -55. TP-Link TD-W8901G - V3_100901 |
60 | | -56. TP-Link TD-W8901G - V6_110119 |
61 | | -57. TP-Link TD-W8901G - V6_110915 |
62 | | -58. TP-Link TD-W8901G - V6_120418 |
63 | | -59. TP-Link TD-W8901G - V6_120213 |
64 | | -60. TP-Link TD-W8901GB - V3_100727 |
65 | | -61. TP-Link TD-W8901GB - V3_100820 |
66 | | -62. TP-Link TD-W8901N - V1_111211 |
67 | | -63. TP-Link TD-W8951ND - V1_101124,100723,100728 |
68 | | -64. TP-Link TD-W8951ND - V1_110907 |
69 | | -65. TP-Link TD-W8951ND - V1_111125 |
70 | | -66. TP-Link TD-W8951ND - V3.0_110729_FI |
71 | | -67. TP-Link TD-W8951ND - V3_110721 |
72 | | -68. TP-Link TD-W8951ND - V3_20110729_FI |
73 | | -69. TP-Link TD-W8951ND - V4_120511 |
74 | | -70. TP-Link TD-W8951ND - V4_120607 |
75 | | -71. TP-Link TD-W8951ND - V4_120912_FL |
76 | | -72. TP-Link TD-W8961NB - V1_110107 |
77 | | -73. TP-Link TD-W8961NB - V1_110519 |
78 | | -74. TP-Link TD-W8961NB - V2_120319 |
79 | | -75. TP-Link TD-W8961NB - V2_120823 |
80 | | -76. TP-Link TD-W8961ND - V1_100722,101122 |
81 | | -77. TP-Link TD-W8961ND - V1_101022_TR |
82 | | -78. TP-Link TD-W8961ND - V1_111125 |
83 | | -79. TP-Link TD-W8961ND - V2_120427 |
84 | | -80. TP-Link TD-W8961ND - V2_120710_UK |
85 | | -81. TP-Link TD-W8961ND - V2_120723_FI |
86 | | -82. TP-Link TD-W8961ND - V3_120524,120808 |
87 | | -83. TP-Link TD-W8961ND - V3_120830 |
88 | | -84. ZyXEL P-660R-T3 - 3.40(BOQ.0)C0 |
89 | | -85. ZyXEL P-660RU-T3 - 3.40(BJR.0)C0 |
| 3 | +The following devices and firmware versions are known to be vulnerable: |
90 | 4 |
|
91 | | -## Verification Steps |
| 5 | + * Azmoon AZ-D140W - 2.11.89.0(RE2.C29)3.11.11.52_PMOFF.1 |
| 6 | + * Billion BiPAC 5102S - Av2.7.0.23 (UE0.B1C) |
| 7 | + * Billion BiPAC 5102S - Bv2.7.0.23 (UE0.B1C) |
| 8 | + * Billion BiPAC 5200 - 2.11.84.0(UE2.C2)3.11.11.6 |
| 9 | + * Billion BiPAC 5200 - 2_11_62_2_ UE0.C2D_3_10_16_0 |
| 10 | + * Billion BiPAC 5200A - 2_10_5 _0(RE0.C2)3_6_0_0 |
| 11 | + * Billion BiPAC 5200A - 2_11_38_0 (RE0.C29)3_10_5_0 |
| 12 | + * Billion BiPAC 5200GR4 - 2.11.91.0(RE2.C29)3.11.11.52 |
| 13 | + * Billion BiPAC 5200SRD - 2.10.5.0 (UE0.C2C) 3.6.0.0 |
| 14 | + * Billion BiPAC 5200SRD - 2.12.17.0_UE2.C3_3.12.17.0 |
| 15 | + * Billion BiPAC 5200SRD - 2_11_62_2(UE0.C3D)3_11_11_22 |
| 16 | + * D-Link DSL-2520U - Z1 1.08 DSL-2520U_RT63261_Middle_East_ADSL |
| 17 | + * D-Link DSL-2600U - Z1_DSL-2600U |
| 18 | + * D-Link DSL-2600U - Z2_V1.08_ras |
| 19 | + * TP-Link TD-8616 - V2_080513 |
| 20 | + * TP-Link TD-8816 - V4_100528_Russia |
| 21 | + * TP-Link TD-8816 - V4_100524 |
| 22 | + * TP-Link TD-8816 - V5_100528_Russia |
| 23 | + * TP-Link TD-8816 - V5_100524 |
| 24 | + * TP-Link TD-8816 - V5_100903 |
| 25 | + * TP-Link TD-8816 - V6_100907 |
| 26 | + * TP-Link TD-8816 - V7_111103 |
| 27 | + * TP-Link TD-8816 - V7_130204 |
| 28 | + * TP-Link TD-8817 - V5_100524 |
| 29 | + * TP-Link TD-8817 - V5_100702_TR |
| 30 | + * TP-Link TD-8817 - V5_100903 |
| 31 | + * TP-Link TD-8817 - V6_100907 |
| 32 | + * TP-Link TD-8817 - V6_101221 |
| 33 | + * TP-Link TD-8817 - V7_110826 |
| 34 | + * TP-Link TD-8817 - V7_130217 |
| 35 | + * TP-Link TD-8817 - V7_120509 |
| 36 | + * TP-Link TD-8817 - V8_140311 |
| 37 | + * TP-Link TD-8820 - V3_091223 |
| 38 | + * TP-Link TD-8840T - V1_080520 |
| 39 | + * TP-Link TD-8840T - V2_100525 |
| 40 | + * TP-Link TD-8840T - V2_100702_TR |
| 41 | + * TP-Link TD-8840T - V2_090609 |
| 42 | + * TP-Link TD-8840T - V3_101208 |
| 43 | + * TP-Link TD-8840T - V3_110221 |
| 44 | + * TP-Link TD-8840T - V3_120531 |
| 45 | + * TP-Link TD-W8101G - V1_090107 |
| 46 | + * TP-Link TD-W8101G - V1_090107 |
| 47 | + * TP-Link TD-W8101G - V2_100819 |
| 48 | + * TP-Link TD-W8101G - V2_101015_TR |
| 49 | + * TP-Link TD-W8101G - V2_101101 |
| 50 | + * TP-Link TD-W8101G - V3_110119 |
| 51 | + * TP-Link TD-W8101G - V3_120213 |
| 52 | + * TP-Link TD-W8101G - V3_120604 |
| 53 | + * TP-Link TD-W8151N - V3_120530 |
| 54 | + * TP-Link TD-W8901G - V1_080522 |
| 55 | + * TP-Link TD-W8901G - V1,2_080522 |
| 56 | + * TP-Link TD-W8901G - V2_090113_Turkish |
| 57 | + * TP-Link TD-W8901G - V3_140512 |
| 58 | + * TP-Link TD-W8901G - V3_100603 |
| 59 | + * TP-Link TD-W8901G - V3_100702_TR |
| 60 | + * TP-Link TD-W8901G - V3_100901 |
| 61 | + * TP-Link TD-W8901G - V6_110119 |
| 62 | + * TP-Link TD-W8901G - V6_110915 |
| 63 | + * TP-Link TD-W8901G - V6_120418 |
| 64 | + * TP-Link TD-W8901G - V6_120213 |
| 65 | + * TP-Link TD-W8901GB - V3_100727 |
| 66 | + * TP-Link TD-W8901GB - V3_100820 |
| 67 | + * TP-Link TD-W8901N - V1_111211 |
| 68 | + * TP-Link TD-W8951ND - V1_101124,100723,100728 |
| 69 | + * TP-Link TD-W8951ND - V1_110907 |
| 70 | + * TP-Link TD-W8951ND - V1_111125 |
| 71 | + * TP-Link TD-W8951ND - V3.0_110729_FI |
| 72 | + * TP-Link TD-W8951ND - V3_110721 |
| 73 | + * TP-Link TD-W8951ND - V3_20110729_FI |
| 74 | + * TP-Link TD-W8951ND - V4_120511 |
| 75 | + * TP-Link TD-W8951ND - V4_120607 |
| 76 | + * TP-Link TD-W8951ND - V4_120912_FL |
| 77 | + * TP-Link TD-W8961NB - V1_110107 |
| 78 | + * TP-Link TD-W8961NB - V1_110519 |
| 79 | + * TP-Link TD-W8961NB - V2_120319 |
| 80 | + * TP-Link TD-W8961NB - V2_120823 |
| 81 | + * TP-Link TD-W8961ND - V1_100722,101122 |
| 82 | + * TP-Link TD-W8961ND - V1_101022_TR |
| 83 | + * TP-Link TD-W8961ND - V1_111125 |
| 84 | + * TP-Link TD-W8961ND - V2_120427 |
| 85 | + * TP-Link TD-W8961ND - V2_120710_UK |
| 86 | + * TP-Link TD-W8961ND - V2_120723_FI |
| 87 | + * TP-Link TD-W8961ND - V3_120524,120808 |
| 88 | + * TP-Link TD-W8961ND - V3_120830 |
| 89 | + * ZyXEL P-660R-T3 - 3.40(BOQ.0)C0 |
| 90 | + * ZyXEL P-660RU-T3 - 3.40(BJR.0)C0 |
92 | 91 |
|
93 | | - 1. Start msfconsole |
94 | | - 2. Do: ```use auxiliary/admin/http/allegro_rompager_auth_bypass``` |
95 | | - 3. Do: ```set rhost <ip>``` |
96 | | - 4. Do: ```set rport <port>``` |
97 | | - 5. Do: ```run``` |
98 | | - 6. You should be able to login into the device without authentication |
99 | | - |
100 | | -## Scenarios |
| 92 | +## Module usage |
| 93 | + |
| 94 | + This is an example run against TP-Link TD-8817 router: |
101 | 95 |
|
102 | | - Example run against TP-Link TD-8817: |
103 | 96 | ``` |
104 | | -msf > use auxiliary/admin/http/allegro_rompager_auth_bypass |
| 97 | +msf > use auxiliary/admin/http/allegro_rompager_auth_bypass |
105 | 98 | msf auxiliary(allegro_rompager_auth_bypass) > show options |
106 | 99 |
|
107 | 100 | Module options (auxiliary/admin/http/allegro_rompager_auth_bypass): |
|
0 commit comments