Bugtraq mailing list archives

Re: Netgear RT311/RT314


From: Rzac` <bugtrack () mail ru>
Date: Tue, 5 Feb 2002 19:14:01 +0100


As indicated on www.netgear.org, an unofficial web site dedicated to
Netgear's popular RT311 and RT314, it is possible to disable their
HTTP, FTP and Telnet daemons using the hack below.


"Disalbing Internal HTTP, FTP and telnet Server of the Netgear to
protect it from all connection

Warning: This solution will disable TCP connection to Netgear box
completely (both LAN & WAN). You can make the change while you have
active telnet connection but as soon as you disconnect, you'll not be
able to access to the box via any TCP connection again (until reboot).
Routing functions work properly however.    

Goto 24.8 (CLI) interface and enter:

ip tcp mss 0

This will remain effective until reboot. If you want this permanent
you need to modify autoexec.net file on router. You can edit
autoexec.net via the following command.

sys edit autoexec.net

This is a line editor. Find the line that reads "ip tcp mss 512" and
replace 512 with 0. After reboot you will only access the router via
serial cable. If you don't have serial cable don't do this!

THIS WILL ALSO BLOCK DDNS UPDATE. IF YOU USE DDNS, DO NOT USE THAT TWEAK!

Credit goes to Tolunay from dslreports.com"

(from www.netgear.org in the "How to" section)


On 03/Feb/2002, sq wrote:
s> Product:
s> Netgear Gateway Router RT314/RT311

(...)

s> Problem Description:
s> The Netgear RT314 Gateway Router (FW v3.25) runs a web server
s> (ZyXEL-RomPager/3.02) for easy user configuration. This web server
s> is vulnerable to the standard Cross Site Scripting problems seen in
s> multiple web servers (noted in CERT CA-2000-02 from two years ago).
s> Though it may be difficult to exploit (attacker would need to know
s> the internal address of the victim's router), it still opens the
s> possibility that an attacker could gain unauthorized access to the
s> router, and possibly reconfigure it to allow remote access.  

(...)


Current thread: