Netgear DGN3500

[ghost]

The port is open and respond on request. I tried the option that show admin password too and it work, so it's confirmed.

[elvanderb]

Thank you, added :)

[gsxarne]

Hi,
i've tested my DGN3500 (Software V1.1.00.28_1.00.28GR) with telnet ( telnet routerip 32764“ ) and a portscan of the 32764 port and did not get a response.
I know another guy who has also a DGN3500 and also didnt get a response.

Greetings

[ghost]

Intresting, I have firmware V1.1.00.33_1.00.33
https://www.dropbox.com/s/l4n1ubq6hu6a2fh/screen.png

[gsxarne]

Ok... lesson learned: Never trust a Windows telnet client:

this on is from a qnap nas:

http://abload.de/img/screenshot2014-01-051g8uyu.png

[elvanderb]

Why people don't use the provided PoC?! :)

[enryIT]

Using this custom firmware http://alfie.altervista.org/amod/

probably not vulnerable (error: timed out)

[elvanderb]

Thank you :)
Could you do a pull request to add this solution to the list?

[looscillator]

Tested poc.py on DGN3500 (LAN Interface, did not test WAN)
affected international firmware versions:

V1.1.00.16_1.00.16
V1.1.00.22_1.00.22
V1.1.00.25_1.00.25
V1.1.00.28_1.00.28
V1.1.00.33_1.00.33

http://kb.netgear.com/app/answers/detail/a_id/2649

[nremond]

Using http://alfie.altervista.org/amod/ fixed it for me. Great firmware.

[elvanderb]

I'll add it to the possible fixes, thanks ;)

[enryIT]

already did that 12 days ago :D

[elvanderb]

This wasn't listed in the possible solutions :)
I'll add your comment in the credits ;)