lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1086550920.40c373882ec34@webmail.futures-inc.com>
Date: Sun,  6 Jun 2004 15:42:00 -0400
From: Rip Toren <rtoren@...ures-inc.com>
To: Tom Knienieder <knienieder@...msin.ch>
Cc: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com,
   vulnwatch@...nwatch.org, newstips@...se.de, cert@...t.org
Subject: Re: Netgear WG602 Accesspoint vulnerability


Folks;
  I found a new firware update on the Netgear product support page that removes this
account, along with a couple of other fixes. 
  I upgraded, and the login is no longer available. Good, quick response.....


Quoting Tom Knienieder <knienieder@...msin.ch>:

> 
> 
> KHAMSIN Security News
> KSN Reference: 2004-06-03 0001 TIP
> ---------------------------------------------------------------------------
> 
> Title
> -----
>         The Netgear WG602 Accesspoint contains an undocumented
>         administrative account.
> 
> Date
> ----
>         2004-06-03
> 
> 
> Description
> -----------
> 
> The webinterface which is reachable from both interfaces (LAN/WLAN)
> contains an undocumented administrative account which cannot be disabled.
> 
> Any user logging in with the username "super" and the password "5777364"
> is in complete control of the device.
> 
> This vulnerability can be exploited by any person which is able to reach
> the webinterface of the device with a webbrowser.
> 
> A search on Google revealed that "5777364" is actually the phonenumber
> of z-com Taiwan which develops and offers WLAN equipment for its OEM
> customers.
> 
> Currently it is unknown whether other Vendors are shipping products
> based on z-com OEM designs.
> 
> 
   <<snip>>

-- 
Rip Toren
Senior Information Assurance Engineer
Futures Inc.
phone: 410-340-4033
email: rtoren@...ures-inc.com
website:  http://www.futures-inc.com
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
This email is for the intended recipient only.  If you have received
this email and you are not the intended recipient, please contact the
originating party and delete the email message.  Thank you.  Futures Inc.
--------------------------------------------------------------------------


-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ