routersploit icon indicating copy to clipboard operation
routersploit copied to clipboard

Published 20 hours ago verified publisher icon threat9

Add a password reset module for TP-Link Archer routers (CVE-2017-11519)

Open axilirator opened this issue 3 years ago • 3 comments
trafficstars

Description

This module exploits password reset feature on some TP-Link Archer routers by leveraging a predictable random number generator seed.

For more details, see this write-up:

https://devcraft.io/posts/2017/07/21/tp-link-archer-c9-admin-password-reset.html

Based on PoC by William Bowling.

Status

READY

Verification

Provide steps to test or reproduce the PR.

  1. Start ./rsf.py
  2. use exploits/routers/tplink/archer_c9_admin_password_reset
  3. set target 192.168.0.1
  4. run
  5. admin's password should be reset to 'admin'

Checklist

  • [x] Write module/feature
  • [ ] Write tests (Example)
  • [ ] Document how it works (Example)

axilirator avatar Dec 08 '21 19:12 axilirator

As I understand it, this project has unfortunately died. It hasn't been updated since 2018 So I created a new branch and merged this PR. My suggestion is as follows: I am ready to store and accept a new PR in one place and merge it here if this project is still alive

GH0st3rs avatar Dec 27 '21 00:12 GH0st3rs

As I understand it, this project has unfortunately died. It hasn't been updated since 2018

This is sad news.

So I created a new branch and merged this PR.

Thank you!

axilirator avatar Feb 07 '22 16:02 axilirator

can we make your branch the new active one

s-b-repo avatar Nov 05 '23 00:11 s-b-repo