lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAD-LzdTwnwwWKsY9Xbx-=QJFRtcgKScSisJs0k-Xb6Tz1waz4w@mail.gmail.com>
Date: Fri, 19 Jul 2013 00:58:33 -0400
From: kyle Lovett <krlovett@...il.com>
To: bugtraq <bugtraq@...urityfocus.com>
Subject: Western Digital My Net N600, N750, N900 and N900C - Plain text
 disclosure of administrative credentials

Vulnerable Products -
WD My Net N600 HD Dual Band Router Wireless N WiFi Router Accelerate HD
WD My Net N750 HD Dual Band Router Wireless N WiFi Router Accelerate HD
Linux 2.6.3 Kernel
All firmware including the latest Ver. 1.04.16

WD My Net N900 HD Dual Band Router Wireless N WiFi Router Accelerate HD
WD My Net N900 Central HD Dual Band Router 2TB Storage WiFi Wireless Router
Firmware 1.06 and below -
Version 1.07.16 released on 05/2013 fixes the bug for the N900 and N900C

Vulnerabilities -
Due to a unspecified bug in the WD My Net N600, N750, N900 and N900C
routers, administrative credentials are stored in plain text and are
easily accessible from a remote location on the WAN side of the
router.

Note: In addition, hidden elements of the administrative GUI can be
revealed on all the routers with a few trivial actions. It is not
known at this time if changes to the admin console can be successful
made through the revealed elements.

Conditions -
UPnP and remote administrative access must be enabled for the bug to
be activated.

Vendor Timeline-
Western Digital has not returned any inquires that have been made
regarding the bug.

Patches of Fixes-
On WD My Net N900 and N900C
It is advised that users upgrade to Firmware Version 1.07.16, which
fixes the bug on these two routers.

On WD My Net N600 and N750
There are no known patches or fixes available at this time.

Mitigation and Workarounds-
On N900 and N900C
Upgrade to Firmware Version 1.07.16

WD My Net N600 and N750
Turn off all remote administrative access to the router
Disable UPnP services
Change the default username and password

Discovered - 07-02-2013
Research Contact - K Lovett
Affiliation - SUSnet

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ