exozyme/exozyme
7
12
Fork 0
Code Issues 4 Pull requests Projects Releases 39 Wiki Activity

IPv6 doesn't work outside the LAN #105

New issue
Closed
opened 2022-02-01 17:32:26 +00:00 by a · 15 comments
a commented 2022-02-01 17:32:26 +00:00
Owner
Copy link

This likely has to do with our Netgear RAX45 router. I suspect it's firewalling incoming IPv6 traffic to exozyme.

This likely has to do with our Netgear RAX45 router. I suspect it's firewalling incoming IPv6 traffic to exozyme.
a added the
bug
 label 2022-02-01 17:32:26 +00:00
a self-assigned this 2022-02-01 17:32:26 +00:00
a added this to the (deleted) project 2022-02-01 17:32:26 +00:00
a commented 2022-02-01 22:29:18 +00:00
Author
Owner
Copy link

This is why: https://community.netgear.com/t5/Nighthawk-WiFi-Routers/IPv6-Firewall/td-p/1153899

This is why: https://community.netgear.com/t5/Nighthawk-WiFi-Routers/IPv6-Firewall/td-p/1153899
a commented 2022-02-01 23:06:57 +00:00
Author
Owner
Copy link

I'll have to remove our domain's AAAA entry for now, since the router doesn't have any alternative custom firmware available at the moment and I don't know how to enable telnet for it.

I'll have to remove our domain's AAAA entry for now, since the router doesn't have any alternative custom firmware available at the moment and I don't know how to enable telnet for it.
a commented 2022-02-01 23:08:06 +00:00
Author
Owner
Copy link

https://openwrt.org/inbox/toh/netgear/netgear_rax40 doesn't support it 😭

https://openwrt.org/inbox/toh/netgear/netgear_rax40 doesn't support it 😭
a commented 2022-02-02 17:01:54 +00:00
Author
Owner
Copy link

Time to hack the router? https://www.tomsguide.com/news/netgear-router-patches-nov21

Time to hack the router? https://www.tomsguide.com/news/netgear-router-patches-nov21
a commented 2022-02-02 21:33:59 +00:00
Author
Owner
Copy link

Here's some example code for the CVE: https://github.com/grimm-co/NotQuite0DayFriday/blob/trunk/2021.11.16-netgear-upnp/upnp_uuid_exploit.py

We have a RAX45 with firmware 1.0.0.30, so we can try modifying that code above to work with this router. We'll probably have to use a disassembler on the firmware to extract the location of the gadgets.

Here's some example code for the [CVE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34991): https://github.com/grimm-co/NotQuite0DayFriday/blob/trunk/2021.11.16-netgear-upnp/upnp_uuid_exploit.py We have a RAX45 with firmware [1.0.0.30](https://kb.netgear.com/000061801/RAX45-Firmware-Version-1-0-0-30), so we can try modifying that code above to work with this router. We'll probably have to use a disassembler on the firmware to extract the location of the gadgets.
a commented 2022-02-02 21:34:40 +00:00
Author
Owner
Copy link

I tried the same technique in this article but the router is probably too new and no longer has the Telnet backdoor.

I tried the same technique in [this article](https://www.electricbrain.com.au/pages/netgear-nighthawk-rax40.php) but the router is probably too new and no longer has the Telnet backdoor.
a added this to the v8.0 milestone 2022-02-13 19:37:33 +00:00
a removed this from the v8.0 milestone 2022-02-15 01:57:59 +00:00
a commented 2022-02-20 02:18:02 +00:00
Author
Owner
Copy link

Maybe I'll try hacking the router over this break...

Maybe I'll try hacking the router over this break...
a commented 2022-03-13 17:42:02 +00:00
Author
Owner
Copy link

I'm giving it a try!

I'm giving it a try!
a commented 2022-03-13 17:49:34 +00:00
Author
Owner
Copy link

Welp TelnetEnable doesn't work even with the lowest firmware.

Welp [TelnetEnable](https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/linux/telnet/netgear_telnetenable) doesn't work even with the lowest firmware.
a commented 2022-03-13 22:11:06 +00:00
Author
Owner
Copy link

Here are some interesting articles:

Here are some interesting articles: * https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html * https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html * https://blog.grimm-co.com/2020/06/soho-device-exploitation.html
a commented 2022-03-13 22:11:24 +00:00
Author
Owner
Copy link

https://github.com/grimm-co/NotQuite0DayFriday has a lot of helpful resources too.

https://github.com/grimm-co/NotQuite0DayFriday has a lot of helpful resources too.
a added the
help wanted
security
 labels 2022-03-13 22:11:37 +00:00
a commented 2022-04-17 02:40:33 +00:00
Author
Owner
Copy link

My ISP also has unreliably sketchy IPv6 support so this issue might be pretty difficult to deal with.

My ISP also has unreliably sketchy IPv6 support so this issue might be pretty difficult to deal with.
a added the
wontfix
 label 2022-04-18 21:30:07 +00:00
a commented 2022-04-18 21:30:43 +00:00
Author
Owner
Copy link

I'm updating the router to the latest version of the firmware because it's being wonky right now. Labelling this as wontfix for now and closing and I'll revisit this in the future if I have time.

I'm updating the router to the latest version of the firmware because it's being wonky right now. Labelling this as wontfix for now and closing and I'll revisit this in the future if I have time.
a closed this issue 2022-04-18 21:30:43 +00:00
a commented 2022-06-24 23:20:54 +00:00
Author
Owner
Copy link

We have a new router now. Let's try this again.

We have a new router now. Let's try this again.
a reopened this issue 2022-06-24 23:20:54 +00:00
a commented 2022-06-25 02:27:46 +00:00
Author
Owner
Copy link

Alright, I disabled the new router's IPv6 firewall 😱 so this should be fixed now!

Alright, I disabled the new router's IPv6 firewall 😱 so this should be fixed now!
a closed this issue 2022-06-25 02:27:46 +00:00
a added this to the v9.0 milestone 2022-06-25 18:08:17 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
v9.0
v8.8
v8.7
v8.6
v8.5
v8.4
v8.3
v8.2
v8.1
v8.0
v7.10
v7.9
v7.8
v7.7
v7.6
v7.5
v7.4
v7.3
v7.2
v7.1
v7.0
v6.1
v6.0
v5.1
v5.0
v4.2
v4.1
v4.0
v3.0
v2.5
v2.4
v2.3
v2.2
v2.1
v2.0
v1.3
v1.2
v1.1
v1.0
v0.3-beta
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
security

Security vulnerability

  
wontfix

This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
invalid
question
security
wontfix
Milestone
Clear milestone
No items
No milestone
v9.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
a
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: exozyme/exozyme#105
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?