[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netgear WG602 Accesspoint vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Netgear WG602 Accesspoint vulnerability
From: Hostmaster <hostmaster@xxxxxxxxxxxxxx>
Date: Mon, 07 Jun 2004 09:26:05 +0200

Hi,

Jaco Swart wrote:

In-Reply-To: <Pine.GSO.4.33.0406031903380.14119-100000@xxxxxxxxxxxxxxxxx>

I can confirm that this vulnerability still exists in the latest firmware upgrade(1.7.14) for the WG602. They've simply gone and changed the username to superman and password to 21241036.

yes - this is right (though it took me a while to find out how to get this gzip compressed part out of the img).

Whats new in this image:
"[...] Fixed illegal user access the WEB configuration utility. [...]"

;-)

Would it be possible to change the firmware image by hand - e.g. usa a hex editor and set this username / password to sth else?

regards,

Harald

--
Team NeueMedien.Net / Hostmaster

References:
- Re: Netgear WG602 Accesspoint vulnerability
  - From: Jaco Swart

Prev by Date: OBJECT Bugs or Features
Next by Date: RE: [Full-Disclosure] Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)
Previous by thread: Re: Netgear WG602 Accesspoint vulnerability
Next by thread: Re: Netgear WG602 Accesspoint vulnerability
Index(es):
- Date
- Thread