Info disclosure — CVE-2020–9477

A vulnerability in the authentication functionality in the web-based interface of the HGA12R-02 router could allow an unauthenticated remote attacker to capture packets at the time of authentication and gain access to the plaintext password without any encryption. An attacker could use access to create a new user account or control the device.

Proof Of Concept —
First Step —

First start data capture during the router login process.

Second Step —

After the login you will verify in the data capture that you have access to the login and password in captured text.

Video —

https://vimeo.com/394697339