Why can't I access hidden webpages within my modem?

sirmx100 · ‎2018-05-23

Hi, Can anyone tell me if there are additional logins for CM1000 modems besides 192.168.100.1 ? I have Xfinity as my ISP. I did a small scan on the modem itself and was able uncover these pages however when I navigate to them it's a blank white page and these are running off of the port 8080 and not 80.

antinode · ‎2018-05-23

> [...] I did a small scan on the modem itself [...]

   That was tantalizingly vague.

> [...] was able uncover these pages however when I navigate to them
> it's a blank white page [...]

   Perhaps that's because they're not (whole) web pages. You might as
well ask why you can't drive your car's oil filter down the street by
itself. It works as part of the whole car, not on its own.

   I would expect any ".gif", ".jpg", and ".png"/".PNG" images to be
displayed, however.

sirmx100 · ‎2018-05-23

>[....] That was tantalizingly vague. [....]

Are you really that simple?

>[....] Perhaps that's because they're not (whole) web pages. You might as
well ask why you can't drive your car's oil filter down the street by
itself. It works as part of the whole car, not on its own. [....]

Do you even understand how an application renders? Are you telling me Netgear's development engineers have broken applications within their production equipment?

>NOTES:

Dont reply sounding rude if you dont even know what you're talking about.
If I need to define 'scan' for you because it's vague than please sell your equipment.

Please see below and don't make assumptions.. You dont know what this is:

<html><head><title>Target analysis</title>
<meta http-equiv="Content-Security-Policy" content="default-src 'none';img-src 'self' data:;style-src 'unsafe-inline'" />
<style type="text/css">
H1 { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 1.6em; font-weight: bold; line-height: 1.0em; }
H2 { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 1.2em; font-weight: bold; line-height: 1.0em; }
* { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 0.95em; }
</style>
</head>
<body>
<h1>Target analysis</h1>Report generated by <a href="https://portswigger.net/burp/">Burp Suite</a> at Wed May 23 14:08:23 EDT 2018.<br><br>
<h2>Target</h2><ul><li>http://192.168.100.1/</li></ul><h2>Summary</h2><ul><li>Number of dynamic URLs: 8</li><li>Number of static URLs: 49</li><li>Number of parameters: 48</li><li>Number of unique parameter names: 34</li></ul><h2>Dynamic URLs</h2><ul><li>http://192.168.100.1/</li><ul><li>auto_block=0</li><li>curlang=Auto</li><li>first_brs_lang=English</li><li>gui_lang=English</li><li>gui_lang_local=</li><li>local_srptlang=Auto%2bEnglish%2bDeutsch%2b%253f%253f%2b%253f%253f%253f%253f%253f%253f%253f%253f%253f%253f%253f%2bEspanol%2bPolski%2bFrancais%2bItaliano%2bSvenska%2bDansk%2bNederlands%2b%253f%25ce%25bb%25ce%25bb%25ce%25b7%25ce%25bd%25ce%25b9%25ce%25ba%253f%2bNorsk%2b%253fe%253ftina%2bSloven%253f%253fina%2bPortugues%2bMagyar%2bRoman%253f%2bSuomi%2bSloven%253fina%2bTurkiye%2b%253f%253f%253f%253e%250a%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%2b%253cinput%2btype%253d</li><li>select_region=</li></ul><li>http://192.168.100.1/DashBoard.asp</li><ul><li>Internet_Status=0</li><li>PC_Result=0</li><li>PC_Support=0</li><li>RS_Result=0</li><li>Radio_Result=0</li><li>Security_Result=0</li><li>Voice_Result=0</li><li>WanConnType=</li><li>curlang=English</li></ul><li>http://192.168.100.1/RouterStatus.asp</li><ul><li>curlang=English</li></ul><li>http://192.168.100.1/SetPassword.asp</li><ul><li>session=c2a43c318c5f665bac6d</li></ul><li>http://192.168.100.1/goform/DocsisStatus</li><ul><li>Apply=Apply</li><li>RetailSessionId=4f1842089a41e3fc396e</li><li>Startupfreq=657000000</li><li>buttonHit=</li><li>buttonValue=</li><li>session=5bd22db29ee371abde17</li></ul><li>http://192.168.100.1/goform/RouterStatus</li><ul><li>RetailSessionId=98f62e13faabb33dbc5e</li><li>RsReboot=</li><li>buttonSelect=0</li><li>enable_apmode=0</li><li>session=77904bbf6f863781923e</li><li>wantype=dhcp</li></ul><li>http://192.168.100.1/goform/EventLog</li><ul><li>RetailSessionId=06fa25f52cf08109c383</li><li>buttonHit=</li><li>buttonValue=</li><li>clear_log=Clear+Log</li><li>session=a89f0e734b88eb996337</li></ul><li>http://192.168.100.1/goform/SetPassword</li><ul><li>Apply=Apply</li><li>RetailSessionId=338ba4142830dafad71d</li><li>answer1=+</li><li>answer2=+</li><li>buttonHit=Apply</li><li>buttonValue=Apply</li><li>question1=0</li><li>question2=0</li><li>session=c2a43c318c5f665bac6d</li><li>sysConfirmPasswd=DDDD</li><li>sysNewPasswd=DDDD</li><li>sysOldPasswd=AAAA</li><li>timestamp_value=Wed+May+23+2018+13%3A54%3A49+GMT-0400+%28EDT%29</li></ul></ul><h2>Static URLs</h2><ul><li>http://192.168.100.1/script/index.html</li><li>http://192.168.100.1/script/</li><li>http://192.168.100.1/css/</li><li>http://192.168.100.1/img/</li><li>http://192.168.100.1/DocsisStatus.asp</li><li>http://192.168.100.1/WirelessSettings.asp</li><li>http://192.168.100.1/RgAttachedDevices.asp</li><li>http://192.168.100.1/USBBasic.asp</li><li>http://192.168.100.1/GuestNetwork.asp</li><li>http://192.168.100.1/EventLog.asp</li><li>http://192.168.100.1/GplRev1.asp</li><li>http://192.168.100.1/WIZ_sel.htm</li><li>http://192.168.100.1/AddWPSClient.asp</li><li>http://192.168.100.1/BasicSettingsBottom.asp</li><li>http://192.168.100.1/WANSetup.asp</li><li>http://192.168.100.1/LANSetup.asp</li><li>http://192.168.100.1/USBAdv.asp</li><li>http://192.168.100.1/UPnPMedia.asp</li><li>http://192.168.100.1/USBPrinter.asp</li><li>http://192.168.100.1/AccessControl.asp</li><li>http://192.168.100.1/BlockSites.asp</li><li>http://192.168.100.1/Services.asp</li><li>http://192.168.100.1/BlockServices.asp</li><li>http://192.168.100.1/Schedule.asp</li><li>http://192.168.100.1/Email.asp</li><li>http://192.168.100.1/DocsisSettings.asp</li><li>http://192.168.100.1/Logs.asp</li><li>http://192.168.100.1/BackupSettings.asp</li><li>http://192.168.100.1/Diagnostics.asp</li><li>http://192.168.100.1/WirelessRadarChList.asp</li><li>http://192.168.100.1/WirelessRadarApList.asp</li><li>http://192.168.100.1/AdvancedWirelessSettings.asp</li><li>http://192.168.100.1/PortForwarding.asp</li><li>http://192.168.100.1/DynamicDNS.asp</li><li>http://192.168.100.1/RemoteManagement.asp</li><li>http://192.168.100.1/UPnP.asp</li><li>http://192.168.100.1/TrafficMeter.asp</li><li>http://192.168.100.1/NatMode.asp</li><li>http://192.168.100.1/SwitchPort.asp</li><li>http://192.168.100.1/fbwifi.asp</li><li>http://192.168.100.1/LED_settings.asp</li><li>http://192.168.100.1/a</li><li>http://192.168.100.1/favicon.ico</li><li>http://192.168.100.1/DocsisStatus_h.htm</li><li>http://192.168.100.1/goform/</li><li>http://192.168.100.1/EventLog_h.htm</li><li>http://192.168.100.1/SetPassword_h.htm</li><li>http://192.168.100.1/Logout.asp</li><li>http://192.168.100.1/robots.txt</li></ul><h2>Unique parameter names</h2><ul><li>RetailSessionId</li><li>buttonValue</li><li>curlang</li><li>session</li><li>Apply</li><li>select_region</li><li>question2</li><li>answer2</li><li>buttonSelect</li><li>WanConnType</li><li>wantype</li><li>question1</li><li>answer1</li><li>timestamp_value</li><li>RsReboot</li><li>Internet_Status</li><li>clear_log</li><li>auto_block</li><li>sysConfirmPasswd</li><li>sysOldPasswd</li><li>enable_apmode</li><li>local_srptlang</li><li>gui_lang</li><li>Startupfreq</li><li>Voice_Result</li><li>buttonHit</li><li>Radio_Result</li><li>PC_Support</li><li>RS_Result</li><li>gui_lang_local</li><li>Security_Result</li><li>sysNewPasswd</li><li>first_brs_lang</li><li>PC_Result</li></ul>
</body>
</html>

Why can't I access hidden webpages within my modem?

Why can't I access hidden webpages within my modem?

Re: Why can't I access hidden webpages within my modem?

Re: Why can't I access hidden webpages within my modem?