Netgear WNDAP350 versions 2.0.1 and 2.0.9 suffers from a remote root password and WPA2 key disclosure vulnerability.
cb5e3cabb4d54afcb646e5bcc9fe38768fc1bdbdea54fd02f0c0b642142df4c3
https://revspace.nl/RevelationSpace/NewsItem11x05x30x0
Summary:
* https://192.168.0.237/downloadFile.php reveals secrets
* https://192.168.0.237/BackupConfig.php reveals secrets
* Included in the exposed secrets: root password and WPA2 keys
* The PHPs do not require authentication
* Vulnerable versions: 2.0.1, 2.0.9 (latest)
--
Met vriendelijke groet, // Kind regards, // Korajn salutojn,
Juerd Waalboer <juerd@tnx.nl>
TNX