NetGear WNDR3300 affected

My NetGear WNDR3300 running Firmware V1.0.45 is vulnerable similar to my R6300 (#3) on the UPnP port (5000) using the path http://ROUTER-IP-ADDR:5000/soap/server_sa/.

I had UPnP enabled on my WNDR3300 and after turning it off it was no longer vulnerable as port 5000 was closed.
I never had UPnP enabled on my R6300 and even after enabling and disabling UPnP, port 5000 is still open and the router vulnerable.

Regards,
Robert Müller

[darkarnium]

Hi there,

Thank you for this additional information. I will test against a few devices I have for testing, and have a look through firmware this evening. I will update the document(s) accordingly later on today.

Regards,
Peter

[abliss]

Same story for the WNDR3400v3 running V1.0.0.20_1.0.28 . I had to edit the PoC to use the /soap/server_sa path.