Bugtraq mailing list archives

Re: Netgear WG602 Accesspoint vulnerability

From: Hostmaster <hostmaster () neuemedien net>
Date: Mon, 07 Jun 2004 09:26:05 +0200

Hi,

Jaco Swart wrote:

In-Reply-To: <Pine.GSO.4.33.0406031903380.14119-100000 () shamal khamsin ch>

I can confirm that this vulnerability still exists in the latest firmware upgrade(1.7.14) for the WG602.  They've 
simply gone and changed the username to superman and password to 21241036.

yes - this is right (though it took me a while to find out how to getthis gzip compressed part out of the img).


Whats new in this image:
"[...] Fixed illegal user access the WEB configuration utility. [...]"

;-)

Would it be possible to change the firmware image by hand - e.g. usa ahex editor and set this username / password to sth else?


regards,

Harald

--
Team NeueMedien.Net / Hostmaster

Current thread:

Netgear WG602 Accesspoint vulnerability Tom Knienieder (Jun 03)
- Re: Netgear WG602 Accesspoint vulnerability Mathias Kuester (Jun 04)
- Re: Netgear WG602 Accesspoint vulnerability Lupe Christoph (Jun 04)
  - Re: Netgear WG602 Accesspoint vulnerability James Garrison (Jun 07)
  - Re: Netgear WG602 Accesspoint vulnerability James Garrison (Jun 07)
- <Possible follow-ups>
- Re: Netgear WG602 Accesspoint vulnerability Jaco Swart (Jun 05)
  - Re: Netgear WG602 Accesspoint vulnerability RISKO Gergely (Jun 07)
  - Re: Netgear WG602 Accesspoint vulnerability Hostmaster (Jun 07)
- Re: Netgear WG602 Accesspoint vulnerability auron (Jun 07)