[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040605181304.14539.qmail@mail.datacolo.com>
Date: Fri, 4 Jun 2004 00:03:13 +0200
From: lupe@...e-christoph.de (Lupe Christoph)
To: z3rosix@...mail.ch
Cc: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com,
vulnwatch@...nwatch.org, newstips@...se.de, cert@...t.org
Subject: Re: Netgear WG602 Accesspoint vulnerability
On Thursday, 2004-06-03 at 19:35:22 +0200, Tom Knienieder wrote:
> Possibly vulnerable (not verified)
> WG602 with other Firmware Versions
> WG602v2
The WG602v2 uses different firmware.
> Download the WG602 Version 1.5.67 firmware from Netgear
> ( http://kbserver.netgear.com/support_details.asp?dnldID=366 )
WG602v2 Firmware Version 2.0RC5:
http://kbserver.netgear.com/support_details.asp?dnldID=504
WG602v2 Repeater Firmware Version 3.2 RC6
http://kbserver.netgear.com/support_details.asp?dnldID=692
> and run the following shell commands on a UNIX box:
> $ dd if=wg602_1.5.67_firmware.img bs=1 skip=425716 > rd.img.gz
> $ zcat rd.img.gz | strings | grep -A5 -B5 5777364
2.0RC5
dd if=apfirmware_2.0rc5.img bs=1 skip=111596 of=rd.img.bz2
3.2 RC6
unzip wg602_v2_apfirmware_3.2rc6.zip
dd if=apfirmware_3.2rc6.img bs=1 skip=112620 of=rd.img.bz2
In both cases this:
bzcat rd.img.bz2 | strings | egrep 'Authorization|BASIC|super|5777364'
Returns some garbage, but nothing similar to your output. Also logging
in with super/5777364 does not work with my unit (unknown firmware
release - I forgot the password and have to reset the unit. But it's
getting a little late here.)
HTH,
Lupe Christoph
--
| lupe@...e-christoph.de | http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like |
| covering yourself with barbecue sauce and breaking into the Charity |
| Home for Badgers with Rabies. Michael Lucas |
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists