Bugtraq mailing list archives
Re: Netgear WG602 Accesspoint vulnerability
From: Hostmaster <hostmaster () neuemedien net>
Date: Mon, 07 Jun 2004 09:26:05 +0200
Hi, Jaco Swart wrote:
In-Reply-To: <Pine.GSO.4.33.0406031903380.14119-100000 () shamal khamsin ch> I can confirm that this vulnerability still exists in the latest firmware upgrade(1.7.14) for the WG602. They've simply gone and changed the username to superman and password to 21241036.
yes - this is right (though it took me a while to find out how to get this gzip compressed part out of the img).
Whats new in this image: "[...] Fixed illegal user access the WEB configuration utility. [...]" ;-)Would it be possible to change the firmware image by hand - e.g. usa a hex editor and set this username / password to sth else?
regards, Harald -- Team NeueMedien.Net / Hostmaster
Current thread:
- Netgear WG602 Accesspoint vulnerability Tom Knienieder (Jun 03)
- Re: Netgear WG602 Accesspoint vulnerability Mathias Kuester (Jun 04)
- Re: Netgear WG602 Accesspoint vulnerability Lupe Christoph (Jun 04)
- Re: Netgear WG602 Accesspoint vulnerability James Garrison (Jun 07)
- Re: Netgear WG602 Accesspoint vulnerability James Garrison (Jun 07)
- <Possible follow-ups>
- Re: Netgear WG602 Accesspoint vulnerability Jaco Swart (Jun 05)
- Re: Netgear WG602 Accesspoint vulnerability RISKO Gergely (Jun 07)
- Re: Netgear WG602 Accesspoint vulnerability Hostmaster (Jun 07)
- Re: Netgear WG602 Accesspoint vulnerability auron (Jun 07)