| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
| toh:netgear:telnet.console [2019/12/25 13:56] – add netgear wn2500rp_v1 as supported walterav | toh:netgear:telnet.console [2021/08/29 15:37] – ↷ Links adapted because of a move operation tmomas |
|---|
| |
| * DC112a v1: Works with UDP of version TelnetEnable and adminstration admin/pw, telnet does not require password. | * DC112a v1: Works with UDP of version TelnetEnable and adminstration admin/pw, telnet does not require password. |
| | * D7000 v1: Works with http unlock and telnet, using normal admin user-id and password. |
| * DGN1000v3: Router Firmware Version V1.0.0.14_0.0.14 works, gives access to a BusyBox console w/o authentication | * DGN1000v3: Router Firmware Version V1.0.0.14_0.0.14 works, gives access to a BusyBox console w/o authentication |
| * [[toh/netgear/dgnd3700|DGND3700v1/DGND3800B]]: < 3.0.0.8 works with original telnetenable over TCP; >= 3.0.0.8 works with any telnetenable patched for UDP | * [[toh/netgear/dgnd3700|DGND3700v1/DGND3800B]]: < 3.0.0.8 works with original telnetenable over TCP; >= 3.0.0.8 works with any telnetenable patched for UDP |
| * [[toh/netgear/netgear_ex2700|EX2700]]: firmware V1.0.1.8 works, gives access to root shell w/o authentication (telnetenable listens on UDP/23) | * [[toh:netgear:ex2700|EX2700]]: firmware V1.0.1.8 works, gives access to root shell w/o authentication (telnetenable listens on UDP/23) |
| * EX6100: Works with original telnetenable (TCP/23) with credentials super_username/super_passwd (not admin/password as one might think) or Gearguy/Geardog or both. Sometimes it doesn't unlock with first attempt (parser_enable?) | * EX6100: Works with original telnetenable (TCP/23) with credentials super_username/super_passwd (not admin/password as one might think) or Gearguy/Geardog or both. Sometimes it doesn't unlock with first attempt (parser_enable?) |
| * EX6100v2: V1.0.1.50 works with new telnetenable (UDP/23). Use username "admin" with the password set in the web interface. Does NOT ask for username/password on login. | * EX6100v2: V1.0.1.50 works with new telnetenable (UDP/23). Use username "admin" with the password set in the web interface. Does NOT ask for username/password on login. |
| * [[toh:netgear:netgear_r6300_v2|R6300v2]]: Tested and working with telnetenable2 (UDP Windows 10 version) (Use web interface credentials instead of Gearguy/Geardog) | * [[toh:netgear:r6300_v2|R6300v2]]: Tested and working with telnetenable2 (UDP Windows 10 version) (Use web interface credentials instead of Gearguy/Geardog) |
| * R6700: V1.0.0.2_1.0.1 Tested and working with modified python script of telnetenable. | * R6700: V1.0.0.2_1.0.1 Tested and working with modified python script of telnetenable. |
| * [[toh:netgear:r7000|R7000]]: Assumed to be working with modified python script of telnetenable, and modified telnetenable binary for linux x86-64. V1.0.4.30_1.1.67 & V1.0.7.2_1.1.93 tested working with linux telnetenable from insanid github using web GUI credentials. Doesn't work with super_username & super_passwd nvram variables that are still present. Changing them does nothing. The telnet login ignores credentials (telnet -l //username// router_ip). | * [[toh:netgear:r7000|R7000]]: Assumed to be working with modified python script of telnetenable, and modified telnetenable binary for linux x86-64. V1.0.4.30_1.1.67 & V1.0.7.2_1.1.93 tested working with linux telnetenable from insanid github using web GUI credentials. Doesn't work with super_username & super_passwd nvram variables that are still present. Changing them does nothing. The telnet login ignores credentials (telnet -l //username// router_ip). |
| * [[toh:netgear:netgear_r7500|R7500]]: V1.0.0.82 Tested and working with modified python script of telnetenable, and modified telnetenable binary for linux x86-64. | * [[toh:netgear:r7500|R7500]]: V1.0.0.82 Tested and working with modified python script of telnetenable, and modified telnetenable binary for linux x86-64. |
| * WG602 (unknown version): [[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-1002|assumed to work]] | * WG602 (unknown version): [[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-1002|assumed to work]] |
| * WGR614 v1-2: unknown; may work | * WGR614 v1-2: unknown; may work |
| * WGT624 v2, v3: works | * WGT624 v2, v3: works |
| * WGT624 V3H1: works (after 6-12 try, reboot, try again cycles) | * WGT624 V3H1: works (after 6-12 try, reboot, try again cycles) |
| * [[toh:netgear:wn2500rp_v1]] v1.0.2.10: use ./telnetenable 192.168.1.250 MACADDRESS Gearguy Geardog. On connection you should be dropped on a '#' prompt. | * [[toh:netgear:WN2500RP_V1]] V1.0.0.30_1.0.58: use ./telnetenable 192.168.1.250 MACADDRESS Gearguy Geardog. On connection you should be dropped on a '#' prompt. |
| * WN3000RP v1: works; does not require username/password for login, but necessary for telnetenable (Geardog/Gearguy) | * WN3000RP v1: works; does not require username/password for login, but necessary for telnetenable (Geardog/Gearguy) |
| * [[toh:netgear:wndr3300]]: works. Does not require username/password for login. On connection the '#' prompt is displayed. | * [[toh:netgear:wndr3300_v1]]: works. Does not require username/password for login. On connection the '#' prompt is displayed. |
| * [[toh:netgear:WNDR3400|WNDR3400v2]] v1.0.0.16_1.0.34 works; does not ask for username/password on login. On connection you should be dropped on a '#' prompt. | * [[toh:netgear:WNDR3400|WNDR3400v2]] v1.0.0.16_1.0.34 works; does not ask for username/password on login. On connection you should be dropped on a '#' prompt. |
| * [[toh:netgear:WNDR3700]] V1.0.7.98: known to work - does not ask for username/password. After connection you will be root at BusyBox v1.4.2. | * [[toh:netgear:WNDR3700]] V1.0.7.98: known to work - does not ask for username/password. After connection you will be root at BusyBox v1.4.2. |