
Let's say that I'm connected to some random Wi-Fi network and from that point I want to check the version of the currently installed firmware, but let's exclude the possibility of logging in with default credentials.

This made me think: if I can determine the router firmware version, that means I can check whether a specific firmware version is vulnerable to the recently discovered KRACK vulnerability.

Example: WAC720/WAC730 Firmware Version 3.7.12.0, and the changelog says:

Fixed security vulnerabilities in WPA2 handshake mechanism.

If it is possible, then how can that be done?

Mirsad
    Programmers are advised to use object detection instead of hard-coded whitelists. IOW: it's better to test for it than to sniff out a particular setup. – dandavis Oct 24 '17 at 06:25
    Hmm, actually: you might be able to tell from a copyright notice on the port 80 login page, e.g. a `/201(6|5|4|3|2|1)/` match strongly suggests that it's unpatched, since the issue wasn't known in, say, 2015. I looked at three router landing pages' HTML and all three had dates. DOH! – dandavis Oct 24 '17 at 06:45

1 Answer


The only way to interrogate something like that in detail would be to connect to the router using the CLI, which for many routers is actually possible, but that would require the router's credentials (or back-door credentials). This does not help much, since the firmware version is most of the time also displayed in the router's management GUI. Note that on some routers you do have access to the general information page without credentials, so this would be the only scenario where you could see a firmware version without an admin login.

Overmind
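As an added example (not code from the question, the comments or Overmind's answer), the Python below combines the two unauthenticated signals discussed on this page: the firmware version string that some devices expose on a login or general-information page, compared against the 3.7.12.0 fix release quoted in the question, and dandavis's weaker fallback of reading the copyright year off the port 80 landing page. The HTML samples are constructed for the example; the `/login.cgi` path and footer markup are made up and match no particular vendor's layout. KRACK was publicly disclosed in October 2017, which is where the 2017 cut-off for the copyright heuristic comes from.

```python
import re
import urllib.request
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# Fix release quoted in the question (WAC720/WAC730 3.7.12.0, changelog:
# "Fixed security vulnerabilities in WPA2 handshake mechanism"). KRACK was
# disclosed in October 2017, so a copyright year before that is a weak hint
# that the build predates the fix.
FIXED_VERSION: Version = (3, 7, 12, 0)
DISCLOSURE_YEAR = 2017

# Constructed sample pages standing in for what an unauthenticated GET on
# port 80 might return. They are NOT captured from real devices; the
# '/login.cgi' path and the footer markup are invented for this example.
SAMPLE_PAGES: Dict[str, str] = {
    "fixed": (
        "<html><head><title>WAC730 Login</title></head><body>"
        "<form action='/login.cgi'>...</form>"
        "<div class='footer'>Firmware Version 3.7.12.0 &copy; 2017 Example, Inc.</div>"
        "</body></html>"
    ),
    "old": (
        "<html><body><h1>Access Point</h1>"
        "<span id='fw'>Firmware Version: 3.1.4.0</span>"
        "<p>Copyright 2014-2015 Example, Inc.</p></body></html>"
    ),
    "footer_only": (
        "<html><body><form>...</form>"
        "<p class='copy'>&copy; 2015 Example Networks. All rights reserved.</p>"
        "</body></html>"
    ),
    "bare": "<html><body><form>login</form></body></html>",
}

# "Firmware Version 3.7.12.0", "Firmware Ver. 3.1.4", "firmware version: v1.2.3" ...
VERSION_RE = re.compile(
    r"firmware\s*(?:version|ver\.?)?\s*:?\s*v?(\d+(?:\.\d+){1,3})", re.IGNORECASE
)
# "&copy; 2017", "Copyright 2014-2015" (takes the last year of a range), "(c) 2016"
YEAR_RE = re.compile(
    r"(?:&copy;|©|\(c\)|copyright)\s*(?:\d{4}\s*[-–]\s*)?((?:19|20)\d{2})",
    re.IGNORECASE,
)


def parse_version(text: str) -> Version:
    return tuple(int(part) for part in text.split("."))


def compare_versions(a: Version, b: Version) -> int:
    """Return -1, 0 or 1, zero-padding the shorter tuple so 3.7.12 == 3.7.12.0."""
    width = max(len(a), len(b))
    a_padded = a + (0,) * (width - len(a))
    b_padded = b + (0,) * (width - len(b))
    return (a_padded > b_padded) - (a_padded < b_padded)


def extract_firmware_version(html: str) -> Optional[Version]:
    match = VERSION_RE.search(html)
    return parse_version(match.group(1)) if match else None


def extract_copyright_year(html: str) -> Optional[int]:
    match = YEAR_RE.search(html)
    return int(match.group(1)) if match else None


def assess(html: str, fixed: Version = FIXED_VERSION,
           disclosure_year: int = DISCLOSURE_YEAR) -> Dict[str, object]:
    """Classify a landing page. A version string is the only strong signal;
    the copyright year alone only yields a low-confidence 'likely_unpatched'."""
    version = extract_firmware_version(html)
    year = extract_copyright_year(html)
    if version is not None:
        older = compare_versions(version, fixed) < 0
        verdict, confidence = ("older_than_fix" if older else "fixed_or_later"), "high"
    elif year is not None and year < disclosure_year:
        verdict, confidence = "likely_unpatched", "low"
    else:
        verdict, confidence = "unknown", "none"
    return {"version": version, "copyright_year": year,
            "verdict": verdict, "confidence": confidence}


def fetch(url: str, timeout: float = 5.0) -> str:
    """GET the landing page (network use only; not called when imported).
    Undecodable bytes in a footer are replaced rather than aborting the check."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    for name, page in SAMPLE_PAGES.items():
        print(f"{name:12s} {assess(page)}")
```

Only a version string gives a real answer. The copyright year is deliberately reported as low confidence: footer templates are often never touched between releases, so a 2015 year on a patched build is entirely plausible, and many current admin UIs render the footer with JavaScript, so a plain GET may return no year at all. In real use, `assess(fetch("http://192.168.1.1/"))` against the gateway address is the whole check.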