Netgear Admin Password Disclosure

Some (though not all) Netgear products expose the administrator password to unauthorized users in a file named /cgi-bin/<model>.log. If the device is vulnerable, you’ll get something like this:

The full list of devices that are vulnerable isn’t known; the issue was presented to Netgear, but no response was received. To help identify the vulnerable devices, I pulled a list of all Netgear devices and wrote this script:
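Separately from the author's script, the following is an added example (not code from the original post) for the defensive side: it scans web proxy or gateway access logs for requests to the /cgi-bin/<model>.log path described above and separates responses that were actually served from failed probes. The Combined Log Format, the sample lines, the model names and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Combined Log Format (assumed): ip - user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# The path pattern from the post: a single .log file directly under /cgi-bin/.
PATH_RE = re.compile(r'^/cgi-bin/[^/]+\.log$', re.IGNORECASE)

def classify(line):
    """Return (ip, path, verdict) for a request to /cgi-bin/<model>.log, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Drop the query string and decode percent-escapes before matching.
    path = unquote(urlsplit(m["target"]).path)
    if not PATH_RE.match(path):
        return None
    # A 200 with a non-empty body means the file was handed to the client.
    served = m["status"] == "200" and m["size"] not in ("-", "0")
    return m["ip"], path, "served" if served else "probe"

def summarize(lines):
    """Group hits per client IP so repeated probing across models stands out."""
    hits = defaultdict(list)
    for line in lines:
        result = classify(line)
        if result:
            ip, path, verdict = result
            hits[ip].append((path, verdict))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, hypothetical model names).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/MODEL-A.log HTTP/1.1" 404 162 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /cgi-bin/MODEL-B.log HTTP/1.1" 200 2048 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:05:00 +0000] "GET /cgi-%62in/model-c.LOG?x=1 HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.4 - - [01/Jan/2024:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in summarize(SAMPLE).items():
        print(ip, events)
```

Any "served" verdict for a device you operate means the administrator password should be treated as exposed and changed, and the management interface restricted to trusted networks.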