Re: Netgear WG602 Accesspoint vulnerability

[lupe () lupe-christoph de (Lupe Christoph)]

On Thursday, 2004-06-03 at 19:35:22 +0200, Tom Knienieder wrote:

>         Possibly vulnerable (not verified)
>                 WG602 with other Firmware Versions
>                 WG602v2

The WG602v2 uses different firmware.

>         Download the WG602 Version 1.5.67 firmware from Netgear
>         ( http://kbserver.netgear.com/support_details.asp?dnldID=366 )
WG602v2 Firmware Version 2.0RC5:
http://kbserver.netgear.com/support_details.asp?dnldID=504

WG602v2 Repeater Firmware Version 3.2 RC6
http://kbserver.netgear.com/support_details.asp?dnldID=692

>         and run the following shell commands on a UNIX box:

>         $ dd if=wg602_1.5.67_firmware.img bs=1 skip=425716 > rd.img.gz
>         $ zcat rd.img.gz | strings | grep -A5 -B5 5777364

2.0RC5
dd if=apfirmware_2.0rc5.img bs=1 skip=111596 of=rd.img.bz2

3.2 RC6
unzip wg602_v2_apfirmware_3.2rc6.zip
dd if=apfirmware_3.2rc6.img bs=1 skip=112620 of=rd.img.bz2

In both cases this:
  bzcat rd.img.bz2 | strings | egrep 'Authorization|BASIC|super|5777364'
Returns some garbage, but nothing similar to your output. Also logging
in with super/5777364 does not work with my unit (unknown firmware
release - I forgot the password and have to reset the unit. But it's
getting a little late here.)

HTH,
Lupe Christoph
-- 
| lupe () lupe-christoph de       |           http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like   |
| covering yourself with barbecue sauce and breaking into the Charity    |
| Home for Badgers with Rabies.                            Michael Lucas |