Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
toh:netgear:telnet.console [2020/05/15 09:28] – Add D7000 as working aftoh:netgear:telnet.console [2021/08/29 15:37] – ↷ Links adapted because of a move operation tmomas
Line 13: Line 13:
   * DGN1000v3: Router Firmware Version V1.0.0.14_0.0.14 works, gives access to a BusyBox console w/o authentication   * DGN1000v3: Router Firmware Version V1.0.0.14_0.0.14 works, gives access to a BusyBox console w/o authentication
   * [[toh/netgear/dgnd3700|DGND3700v1/DGND3800B]]: < 3.0.0.8 works with original telnetenable over TCP; >= 3.0.0.8 works with any telnetenable patched for UDP   * [[toh/netgear/dgnd3700|DGND3700v1/DGND3800B]]: < 3.0.0.8 works with original telnetenable over TCP; >= 3.0.0.8 works with any telnetenable patched for UDP
-  * [[toh/netgear/netgear_ex2700|EX2700]]: firmware V1.0.1.8 works, gives access to root shell w/o authentication (telnetenable listens on UDP/23)+  * [[toh:netgear:ex2700|EX2700]]: firmware V1.0.1.8 works, gives access to root shell w/o authentication (telnetenable listens on UDP/23)
   * EX6100: Works with original telnetenable (TCP/23) with credentials super_username/super_passwd (not admin/password as one might think) or Gearguy/Geardog or both. Sometimes it doesn't unlock with first attempt (parser_enable?)   * EX6100: Works with original telnetenable (TCP/23) with credentials super_username/super_passwd (not admin/password as one might think) or Gearguy/Geardog or both. Sometimes it doesn't unlock with first attempt (parser_enable?)
   * EX6100v2: V1.0.1.50 works with new telnetenable (UDP/23). Use username "admin" with the password set in the web interface. Does NOT ask for username/password on login.   * EX6100v2: V1.0.1.50 works with new telnetenable (UDP/23). Use username "admin" with the password set in the web interface. Does NOT ask for username/password on login.
-  * [[toh:netgear:netgear_r6300_v2|R6300v2]]: Tested and working with telnetenable2 (UDP Windows 10 version) (Use web interface credentials instead of Gearguy/Geardog)+  * [[toh:netgear:r6300_v2|R6300v2]]: Tested and working with telnetenable2 (UDP Windows 10 version) (Use web interface credentials instead of Gearguy/Geardog)
   * R6700: V1.0.0.2_1.0.1 Tested and working with modified python script of telnetenable.   * R6700: V1.0.0.2_1.0.1 Tested and working with modified python script of telnetenable.
   * [[toh:netgear:r7000|R7000]]: Assumed to be working with modified python script of telnetenable, and modified telnetenable binary for linux x86-64. V1.0.4.30_1.1.67 & V1.0.7.2_1.1.93 tested working with linux telnetenable from insanid github using web GUI credentials. Doesn't work with super_username & super_passwd nvram variables that are still present. Changing them does nothing. The telnet login ignores credentials (telnet -l //username// router_ip).   * [[toh:netgear:r7000|R7000]]: Assumed to be working with modified python script of telnetenable, and modified telnetenable binary for linux x86-64. V1.0.4.30_1.1.67 & V1.0.7.2_1.1.93 tested working with linux telnetenable from insanid github using web GUI credentials. Doesn't work with super_username & super_passwd nvram variables that are still present. Changing them does nothing. The telnet login ignores credentials (telnet -l //username// router_ip).
-  * [[toh:netgear:netgear_r7500|R7500]]: V1.0.0.82 Tested and working with modified python script of telnetenable, and modified telnetenable binary for linux x86-64.+  * [[toh:netgear:r7500|R7500]]: V1.0.0.82 Tested and working with modified python script of telnetenable, and modified telnetenable binary for linux x86-64.
   * WG602 (unknown version): [[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-1002|assumed to work]]   * WG602 (unknown version): [[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-1002|assumed to work]]
   * WGR614 v1-2: unknown; may work   * WGR614 v1-2: unknown; may work
Line 34: Line 34:
   * [[toh:netgear:WN2500RP_V1]] V1.0.0.30_1.0.58: use ./telnetenable 192.168.1.250 MACADDRESS Gearguy Geardog. On connection you should be dropped on a '#' prompt.   * [[toh:netgear:WN2500RP_V1]] V1.0.0.30_1.0.58: use ./telnetenable 192.168.1.250 MACADDRESS Gearguy Geardog. On connection you should be dropped on a '#' prompt.
   * WN3000RP v1: works; does not require username/password for login, but necessary for telnetenable (Geardog/Gearguy)   * WN3000RP v1: works; does not require username/password for login, but necessary for telnetenable (Geardog/Gearguy)
-  * [[toh:netgear:wndr3300]]: works. Does not require username/password for login.  On connection the '#' prompt is displayed.+  * [[toh:netgear:wndr3300_v1]]: works. Does not require username/password for login.  On connection the '#' prompt is displayed.
   * [[toh:netgear:WNDR3400|WNDR3400v2]] v1.0.0.16_1.0.34 works; does not ask for username/password on login. On connection you should be dropped on a '#' prompt.   * [[toh:netgear:WNDR3400|WNDR3400v2]] v1.0.0.16_1.0.34 works; does not ask for username/password on login. On connection you should be dropped on a '#' prompt.
   * [[toh:netgear:WNDR3700]] V1.0.7.98: known to work - does not ask for username/password. After connection you will be root at BusyBox v1.4.2.   * [[toh:netgear:WNDR3700]] V1.0.7.98: known to work - does not ask for username/password. After connection you will be root at BusyBox v1.4.2.
  • Last modified: 2024/04/18 13:49
  • by tboege