routersploit icon indicating copy to clipboard operation
routersploit copied to clipboard

Published 20 hours ago verified publisher icon threat9

possibly netgear r7000_r6400_rce exploit shows vuln when not

Open mushu999 opened this issue 6 years ago • 0 comments

Steps to Reproduce (for bugs)

  1. latest fully firmware patched netgear R7000 nighthawk ac1900 router
  2. latest routersploit with updated pyasn1 on fully updated raspberry pi
  3. run routersploit against home network router IP address
  4. attempt exploit by browsing to http://[router-address]/cgi-bin/;uname$IFS-a
  5. a login screen pops up in browser which is what I believe is making the exploit code think it is vulnerable

Your Environment

  • RouterSploit Version used: 3.3.0
  • Operating System and version: Linux pi-hole 4.14.52-v7+ #1123 SMP Wed Jun 27 17:35:49 BST 2018 armv7l GNU/Linux
  • Python Version: 3.5.3
  • Python Environment:
automationhat==0.1.0
bcrypt==3.1.4
blinker==1.3
blinkt==0.1.2
buttonshim==0.0.2
Cap1xxx==0.1.3
cffi==1.11.5
chardet==2.3.0
click==6.6
colorama==0.3.7
cryptography==1.7.1
drumhat==0.1.0
envirophat==1.0.0
ExplorerHAT==0.4.2
Flask==0.12.1
fourletterphat==0.1.0
future==0.16.0
gpiozero==1.4.1
idna==2.2
itsdangerous==0.24
jedi==0.10.2
Jinja2==2.8
keyring==10.1
keyrings.alt==1.3
MarkupSafe==0.23
mcpi==0.1.1
microdotphat==0.2.1
mote==0.0.3
motephat==0.0.2
numpy==1.12.1
oauthlib==2.0.1
pantilthat==0.0.6
paramiko==2.4.2
pgzero==1.2
phatbeat==0.1.1
pianohat==0.1.0
picamera==1.13
picraft==1.0
piglow==1.2.4
pigpio==1.38
Pillow==4.0.0
ply==3.11
pyasn1==0.4.4
pycparser==2.19
pycrypto==2.6.1
pycryptodome==3.6.6
pycryptodomex==3.6.6
pygame==1.9.3
pygobject==3.22.0
pyinotify==0.9.6
PyJWT==1.4.2
PyNaCl==1.3.0
pyOpenSSL==16.2.0
pyserial==3.2.1
pysmi==0.3.1
pysnmp==4.4.6
python-apt==1.1.0b5
pyxdg==0.25
rainbowhat==0.1.0
requests==2.12.4
requests-oauthlib==0.7.0
RPi.GPIO==0.6.3
RTIMULib==7.2.1
scrollphat==0.0.7
scrollphathd==1.2.1
SecretStorage==2.3.1
sense-emu==1.1
sense-hat==2.2.0
simplejson==3.10.0
six==1.10.0
skywriter==0.0.7
sn3218==1.2.7
spidev==3.3
thonny==2.1.16
touchphat==0.0.1
twython==3.4.0
unicornhathd==0.0.3
urllib3==1.19.1
Werkzeug==0.11.15

Current Behavior

  • routersploit detects vulnerability when there is none
  • suggest looking at the code in the exploit checker to see if it is doing it properly when router prompts for login creds

Expected Behavior

  • it should correctly say if the router is vulnerable

ref: https://kb.netgear.com/000036386/CVE-2016-582384

mushu999 avatar Sep 30 '18 19:09 mushu999