Full Disclosure mailing list archives
Re: Netgear WG602 Accesspoint vulnerability
From: lupe () lupe-christoph de (Lupe Christoph)
Date: Fri, 4 Jun 2004 00:03:13 +0200
On Thursday, 2004-06-03 at 19:35:22 +0200, Tom Knienieder wrote:
Possibly vulnerable (not verified) WG602 with other Firmware Versions WG602v2
The WG602v2 uses different firmware.
Download the WG602 Version 1.5.67 firmware from Netgear ( http://kbserver.netgear.com/support_details.asp?dnldID=366 )
WG602v2 Firmware Version 2.0RC5: http://kbserver.netgear.com/support_details.asp?dnldID=504 WG602v2 Repeater Firmware Version 3.2 RC6 http://kbserver.netgear.com/support_details.asp?dnldID=692
and run the following shell commands on a UNIX box:
$ dd if=wg602_1.5.67_firmware.img bs=1 skip=425716 > rd.img.gz $ zcat rd.img.gz | strings | grep -A5 -B5 5777364
2.0RC5 dd if=apfirmware_2.0rc5.img bs=1 skip=111596 of=rd.img.bz2 3.2 RC6 unzip wg602_v2_apfirmware_3.2rc6.zip dd if=apfirmware_3.2rc6.img bs=1 skip=112620 of=rd.img.bz2 In both cases this: bzcat rd.img.bz2 | strings | egrep 'Authorization|BASIC|super|5777364' Returns some garbage, but nothing similar to your output. Also logging in with super/5777364 does not work with my unit (unknown firmware release - I forgot the password and have to reset the unit. But it's getting a little late here.) HTH, Lupe Christoph -- | lupe () lupe-christoph de | http://www.lupe-christoph.de/ | | "... putting a mail server on the Internet without filtering is like | | covering yourself with barbecue sauce and breaking into the Charity | | Home for Badgers with Rabies. Michael Lucas | _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Netgear WG602 Accesspoint vulnerability Tom Knienieder (Jun 03)
- Re: Netgear WG602 Accesspoint vulnerability Lupe Christoph (Jun 03)
- Re: Netgear WG602 Accesspoint vulnerability James Garrison (Jun 05)
- Re: Re: Netgear WG602 Accesspoint vulnerability Jan Jungnickel (Jun 07)
- Re: Re: Netgear WG602 Accesspoint vulnerability pera (Jun 08)
- Re: Re: Netgear WG602 Accesspoint vulnerability Jan Jungnickel (Jun 08)
- Re: Re: Netgear WG602 Accesspoint vulnerability Rip Toren (Jun 08)
- Re: Re: Netgear WG602 Accesspoint vulnerability die tuere (Jun 08)
- Re: Netgear WG602 Accesspoint vulnerability James Garrison (Jun 05)
- Re: Netgear WG602 Accesspoint vulnerability Lupe Christoph (Jun 03)
- <Possible follow-ups>
- RE: Re: Netgear WG602 Accesspoint vulnerability Jan-Peter Koopmann (Jun 06)