| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Mar 2016 06:23:25 +1100 From: paul.szabo@...ney.edu.au To: fulldisclosure@...lists.org Subject: [FD] Netgear CG3000 modem/router set password vulnerability I noticed a security issue in my Netgear CG3000v2 cable modem, as provided by Optus (an Australian phone/communications provider). The "admin password" can be changed on the web interface, without providing the current password. The page http://192.168.0.1/SetPassword.asp prompts for old and new passwords (and repeat of new), but in fact ignores the old password provided, and changes the password to the new one, regardless. This issue could be exploited via CSRF, to change the password while the user happens to be logged in. I do not know what practical benefit an attacker would then gain; maybe not much, seeing how most modems would be left at the default setting of admin/password as per http://www.optus.com.au/shop/support/answer/modem-wifi-username-password-help?requestType=NormalRequest&id=1752&typeId=5 I do not know whether the same issue affects other modems or routers. I reported the issue to Netgear (support case #26592620) but they did not seem interested. Cheers, Paul Paul Szabo psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists