Re: Netgear WG602 Accesspoint vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Netgear WG602 Accesspoint vulnerability
From: Hostmaster <hostmaster@xxxxxxxxxxxxxx>
Date: Mon, 07 Jun 2004 09:26:05 +0200
In-reply-to: <20040605192227.3189.qmail@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: NeueMedien.Net
References: <20040605192227.3189.qmail@xxxxxxxxxxxxxxxxxxxxx>
User-agent: myMailer ()

Hi,

Jaco Swart wrote:

In-Reply-To: <Pine.GSO.4.33.0406031903380.14119-100000@xxxxxxxxxxxxxxxxx>

I can confirm that this vulnerability still exists in the latest firmware 
upgrade(1.7.14) for the WG602.  They've simply gone and changed the username to 
superman and password to 21241036.

yes - this is right (though it took me a while to find out how to getthis gzip compressed part out of the img).


Whats new in this image:
"[...] Fixed illegal user access the WEB configuration utility. [...]"

;-)

Would it be possible to change the firmware image by hand - e.g. usa ahex editor and set this username / password to sth else?


regards,

Harald

--
Team NeueMedien.Net / Hostmaster

References:
- Re: Netgear WG602 Accesspoint vulnerability
  - From: Jaco Swart

Prev by Date: OBJECT Bugs or Features
Next by Date: MS ISA SP2 out last month
Previous by thread: Re: Netgear WG602 Accesspoint vulnerability
Next by thread: Re: Netgear WG602 Accesspoint vulnerability
Index(es):
- Date
- Thread