Hi, Jaco Swart wrote:
In-Reply-To: <Pine.GSO.4.33.0406031903380.14119-100000@xxxxxxxxxxxxxxxxx> I can confirm that this vulnerability still exists in the latest firmware upgrade(1.7.14) for the WG602. They've simply gone and changed the username to superman and password to 21241036.
yes - this is right (though it took me a while to find out how to get this gzip compressed part out of the img).
Whats new in this image: "[...] Fixed illegal user access the WEB configuration utility. [...]" ;-)Would it be possible to change the firmware image by hand - e.g. usa a hex editor and set this username / password to sth else?
regards, Harald -- Team NeueMedien.Net / Hostmaster