Date: 2010-11-03 Product:Embedded Web Server HTTP1.0 Vendors: AirLive ARM-204, AirLive WT-2000ARM, D-Link DVA-G3170i/PT, Edimax AR-7084ga, Huawei, Aolynk DR814Q, DrayTek Vigor2700 series, DrayTek Vigor2920 series, Thomson TG784, ZyXEL P-660RU-T1v3 Vulnerability Type: Password disclosure Status: Not Fixed. Risk level: Medium Credit: Daniel Teixeira Vulnerability Details: Common consumer routers Web Management Interface, allows internet access password disclosure simply by inspecting the DSL password <INPUT> field with development tools such as Safari Web Inspector or Firebug. Demo: http://vimeo.com/16480521
