lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040605181304.14539.qmail@mail.datacolo.com>
Date: Fri, 4 Jun 2004 00:03:13 +0200
From: lupe@...e-christoph.de (Lupe Christoph)
To: z3rosix@...mail.ch
Cc: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com,
   vulnwatch@...nwatch.org, newstips@...se.de, cert@...t.org
Subject: Re: Netgear WG602 Accesspoint vulnerability


On Thursday, 2004-06-03 at 19:35:22 +0200, Tom Knienieder wrote:

>         Possibly vulnerable (not verified)
>                 WG602 with other Firmware Versions
>                 WG602v2

The WG602v2 uses different firmware.

>         Download the WG602 Version 1.5.67 firmware from Netgear
>         ( http://kbserver.netgear.com/support_details.asp?dnldID=366 )
WG602v2 Firmware Version 2.0RC5:
http://kbserver.netgear.com/support_details.asp?dnldID=504

WG602v2 Repeater Firmware Version 3.2 RC6
http://kbserver.netgear.com/support_details.asp?dnldID=692

>         and run the following shell commands on a UNIX box:

>         $ dd if=wg602_1.5.67_firmware.img bs=1 skip=425716 > rd.img.gz
>         $ zcat rd.img.gz | strings | grep -A5 -B5 5777364

2.0RC5
dd if=apfirmware_2.0rc5.img bs=1 skip=111596 of=rd.img.bz2

3.2 RC6
unzip wg602_v2_apfirmware_3.2rc6.zip
dd if=apfirmware_3.2rc6.img bs=1 skip=112620 of=rd.img.bz2

In both cases this:
  bzcat rd.img.bz2 | strings | egrep 'Authorization|BASIC|super|5777364'
Returns some garbage, but nothing similar to your output. Also logging
in with super/5777364 does not work with my unit (unknown firmware
release - I forgot the password and have to reset the unit. But it's
getting a little late here.)

HTH,
Lupe Christoph
-- 
| lupe@...e-christoph.de       |           http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like   |
| covering yourself with barbecue sauce and breaking into the Charity    |
| Home for Badgers with Rabies.                            Michael Lucas |

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ