This application, known as the SolarWinds n-Central Dumpster Diver, uses the nCentral agent .NET libraries to simulate agent registration and pull the agent/appliance configuration settings. This information can contain plain text Active Directory domain credentials. This was reported to SolarWinds PSIRT (psirt@solarwinds.com) on 10/10/2019. In most cases the agent download URL is not secured, allowing anyone who knows a customer ID to download the agent software without authorization. Once you have a customer ID you can self-register and pull the config. The application tests the availability of a customer ID via the agent download URL. If that succeeds, it then pulls the config. We do not attempt to just pull the config because timing out on the operation takes too long. Removing the initial check could produce more results, as the agent download could be blocked whereas agent communication would not be. Harmony is only used to block the nCentral libraries from saving and creating a config directory that is not needed.
a5eae45f8004a3a4b9959a2fb2174fae1431d896302f66af21a6c07750294f7b
This exploit lets you extract the ARRIS DG860A NVRAM backup, where password information is stored in plain text.
5017f2e38a000e389ed35e33f98d69940a068ef699bb039cef9ec919fd229db5
This is a Ruby script that will generate the default WPS PIN for the Arris DG860A, provided you know the HFC MAC address.
c7863af7c0b63cc7a8a7a00ecdafdfa05079ac5aeba5d78d1c4963d298c65f84