Is somebody aware of security contacts at Netgear or D-Link? Products of those vendors do suffer from possible DoS, propably default hardcoded root accounts (D-Link) and other issues. Timeline: ZDI: Case Opened 2009-01-18 04:24 GMT-6 Case Closed 2009-01-19 14:12 GMT-6 "We are not interested in vulnerabilities affecting D-Link at this time." Case Opened 2008-12-28 07:57 GMT-6 Case Closed 2009-01-15 17:01 GMT-6 "After some deliberation we have unfortunately decided that we won't be accepting bugs affecting NetGear products." Contacting mitre.org, asking for CVE and a contact at D-Link: Mo, 2.02.2009, 13:01 Contacting mitre.org and NetGear asking for CVE and contact: Mo, 2.02.2009, 12:55 pressrelations@xxxxxxxxxxx (OSVDB entry in the contact field) coley@xxxxxxxxxxxxxxx (cc, found by googling) No replies so far. Maybe NetGear and D-Link could consider to work together with the OSVDB to enter at least some valid contact data. Somebody interested into Router issues (and no it's no xss...)? The vendor itself seam to not to care about their customers or security... Kind regards, Rembrandt
Attachment:
pgpt9ZfqztEjM.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/