Various routers such as the AirLive ARM-204, AirLive WT-2000ARM, D-Link DVA-G3170i/PT, Edimax AR-7084ga, Huawei, Aolynk DR814Q, DrayTek Vigor2700 series, DrayTek Vigor2920 series, Thomson TG784, and ZyXEL P-660RU-T1v3 re-embed the password in a hidden field of the web management interface.
c834792f6018eb0bbf413092b9ac178bde5b3dfba17992207e84bbb00f34d14c
Date: 2010-11-03
Product:Embedded Web Server HTTP1.0
Vendors: AirLive ARM-204, AirLive WT-2000ARM, D-Link DVA-G3170i/PT, Edimax AR-7084ga, Huawei, Aolynk DR814Q, DrayTek Vigor2700 series, DrayTek Vigor2920 series, Thomson TG784, ZyXEL P-660RU-T1v3
Vulnerability Type: Password disclosure
Status: Not Fixed.
Risk level: Medium
Credit: Daniel Teixeira
Vulnerability Details:
Common consumer routers Web Management Interface, allows internet access password disclosure simply by inspecting the DSL password <INPUT> field with development tools such as Safari Web Inspector or Firebug.
Demo: http://vimeo.com/16480521