Full Disclosure mailing list archives
Re: Re: Netgear WG602 Accesspoint vulnerability
From: Rip Toren <rtoren () futures-inc com>
Date: Tue, 8 Jun 2004 08:12:22 -0400
Quoting Jan Jungnickel <jj () carmunity de>:
On Tue, Jun 08, 2004 at 10:05:56AM +0200, pera () ampersize org wrote:

Netgear has 'fixed' this by changing the username and password to something else.

I heard the username has been changed to "superman" with the password "21241036". I wonder whose phone number THIS is...

Precisely. I'm pretty stunned by this blatant example of stupidity :/

--
carmunity.com GmbH Mary-Astell-Strasse 2
Jan Jungnickel 28359 Bremen
<<snip>>

Depending upon how the account name and password are stored, this might have been as simple as a binary edit of the firmware, with some checksum cleanup. Unfortunately, it would only take a couple of hours to completely hide any literal values from a 'strings' search.

Even if another firmware is released, and it shows no strings, can it be assured that the account data has not just been hidden? This might also mean that the V2 product is also compromised, but with masked account data... who knows?

Since they seem to have demonstrated a corporate commitment to 'backdoor' their product, it might be time to find a more customer-friendly supplier. At least until there is some public statement by NetGear about the situation.

I care, I used one of these; until 10 minutes ago.

--
Rip Toren
Senior Information Assurance Engineer
Futures Inc.
email: rtoren () futures-inc com
website: http://www.futures-inc.com

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
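The point about a 'strings' search in the message above, as an added example that is not part of the original post or any vendor code: a firmware-audit check showing that a known account literal masked with a single-byte XOR vanishes from a strings-style listing but is still found by searching for the literal under every key. The image bytes, the account name `example-admin` and all function names are constructed for illustration, and single-byte XOR is only an assumed masking scheme.

```python
import re

# Constructed placeholder for an account name already known from an earlier firmware.
KNOWN_ACCOUNT = b"example-admin"

def printable_strings(blob: bytes, min_len: int = 4) -> list[bytes]:
    """Rough equivalent of `strings`: runs of printable ASCII, min_len or longer."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)

def find_xor_masked(blob: bytes, needle: bytes) -> list[tuple[int, int]]:
    """Return (key, offset) wherever needle appears under a single-byte XOR key.

    Key 0 is the unmasked literal, so plain matches are reported too.
    """
    hits = []
    for key in range(256):
        masked = bytes(b ^ key for b in needle)
        offset = blob.find(masked)
        while offset != -1:
            hits.append((key, offset))
            offset = blob.find(masked, offset + 1)
    return hits

def build_sample_image(key: int) -> bytes:
    """Constructed stand-in for a firmware image with the account XOR-masked by key."""
    masked = bytes(b ^ key for b in KNOWN_ACCOUNT)
    return b"\x7fELF\x00\x00httpd/1.0\x00" + masked + b"\x00\xff\xfeconfig.cgi\x00"

def audit(blob: bytes, needle: bytes) -> dict:
    """Compare what a strings search shows with what the masked search finds."""
    return {
        "visible_to_strings": any(needle in s for s in printable_strings(blob)),
        "masked_hits": find_xor_masked(blob, needle),
    }

if __name__ == "__main__":
    for key in (0x00, 0xA5):
        print(hex(key), audit(build_sample_image(key), KNOWN_ACCOUNT))
```

An empty `masked_hits` list only rules out this one encoding; it does not show that an image is free of embedded account data.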