RE: NETGEAR DG834G SPECIAL FEATURES

To: <thanasonic@xxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: NETGEAR DG834G SPECIAL FEATURES
From: "Andre Lorbach" <alorbach@xxxxxxxxxxxxxxx>
Date: Fri, 13 Aug 2004 12:22:46 +0200
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcSA5/Eo3WzkQHVyQo2S7AHs0MlvZAANzdsQ
Thread-topic: NETGEAR DG834G SPECIAL FEATURES

> -----Original Message-----
> From: thanasonic@xxxxxxx [mailto:thanasonic@xxxxxxx] 
> 
> By opening http://192.168.0.1/setup.cgi?todo=debug you enable 
> the router's debug mode.Then you just telnet at 192.168.0.1 
> at port 23 and then you have a root shell.
> 
> Also i found that if you just telnet to 192.168.0.1 2602 you 
> will get a prompt from the service ZEBRA that is running on 
> the router.By giving "zebra" as password *which is the 
> default password* you got also a root shell.

Wow! That's exactly the router I have and these exploits work *fear*. 
Fortunately, only on the local network, but they work!

With what Firmware version did you test? I still have 1.04 here.

Best regards,
Andre Lorbach

Prev by Date: MDKSA-2004:082 - Updated mozilla packages fix multiple vulnerabilities
Next by Date: Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues
Previous by thread: Re: NETGEAR DG834G SPECIAL FEATURES
Next by thread: Re: NETGEAR DG834G SPECIAL FEATURES
Index(es):
- Date
- Thread