SecurityTracker.com
Category:   Device (Router/Bridge/Hub)  >   NETGEAR Router
Vendors:   NETGEAR
NETGEAR Web Safe Router Default Configuration May Let Remote Users Gain Administrative Access to the Device
SecurityTracker Alert ID:  1004559
SecurityTracker URL:  http://securitytracker.com/id/1004559
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 17 2002
Impact:   Host/resource access via network, User access via network
Exploit Included:  Yes  
Version(s): RP114 Web Safe Router; 3.26 firmware version
Description:   An access control and default configuration vulnerability was reported in the NETGEAR RP114 Web Safe Router for cable and DSL connections. A remote user on the local segment of the external interface may be able to access the device using the default username and password.

It is reported that, by default, the device uses the address 192.168.0.1 on the internal network, but also makes this address accessible on the external interface. In a shared access environment (such as a cable neighborhood cluster), a remote user could access the device on the external interface.

It is also reported that the device uses the default username of "admin" and default password of "1234". A remote user can gain administrative access to the device by using this authentication information via the telnet or http port.

The author of the report indicates that it is possible that other devices using the ZyNOS firmware from ZyXEL may have similar flaws.

NETGEAR has reportedly been notified.

Impact:   A remote user could connect to the device using the default username and password to gain full administrative control of the device. The remote user (on the external side of the device) must be on a local or 'near-local' network that will route 192.168.x.x addresses to the device for this to be successful.
Solution:   No solution was available at the time of this entry.

The author indicates that one way to prevent attacks against this vulnerability is to change the default administrator password to something other than "1234".
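
As an added illustration (not part of the advisory or the original report), the following Python check flags the condition described above from TCP flow records observed on the external segment: the router's LAN address 192.168.0.1 answering telnet or http on the WAN side. The record format, the interface labels "wan"/"lan", the finding names and the function name are assumptions made for this example.

```python
import ipaddress

# Values taken from the advisory: default LAN address and management services.
LAN_MGMT_ADDR = ipaddress.ip_address("192.168.0.1")
LAN_NET = ipaddress.ip_network("192.168.0.0/24")  # the report's "192.168.0.x"
MGMT_PORTS = {23: "telnet", 80: "http"}


def audit_wan_flows(flows):
    """Return (finding, service, peer) tuples for management exposure on the WAN side.

    Each flow is a dict with iface, src, sport, dst, dport and TCP flags
    ("S" = SYN, "SA" = SYN-ACK). This record format is an assumption.
    """
    findings = []
    for f in flows:
        if f["iface"] != "wan":  # LAN-side management traffic is expected
            continue
        src = ipaddress.ip_address(f["src"])
        dst = ipaddress.ip_address(f["dst"])
        if src == LAN_MGMT_ADDR and f["sport"] in MGMT_PORTS and f["flags"] == "SA":
            # The router accepted a connection to its LAN address on the
            # external interface: the condition the advisory describes.
            findings.append(("mgmt-answering-on-wan", MGMT_PORTS[f["sport"]], str(dst)))
        elif dst == LAN_MGMT_ADDR and f["dport"] in MGMT_PORTS and src in LAN_NET:
            # An external host is using a LAN-range address to reach management.
            findings.append(("lan-range-request-on-wan", MGMT_PORTS[f["dport"]], str(src)))
    return findings


# Constructed sample records (not real captures).
SAMPLE_FLOWS = [
    {"iface": "lan", "src": "192.168.0.10", "sport": 40000,
     "dst": "192.168.0.1", "dport": 80, "flags": "S"},
    {"iface": "wan", "src": "192.168.0.77", "sport": 40001,
     "dst": "192.168.0.1", "dport": 23, "flags": "S"},
    {"iface": "wan", "src": "192.168.0.1", "sport": 23,
     "dst": "192.168.0.77", "dport": 40001, "flags": "SA"},
    {"iface": "wan", "src": "203.0.113.5", "sport": 443,
     "dst": "198.51.100.20", "dport": 51000, "flags": "SA"},
]

if __name__ == "__main__":
    for finding in audit_wan_flows(SAMPLE_FLOWS):
        print(finding)
```

A "mgmt-answering-on-wan" finding means the device is accepting management connections externally, so the default password should be treated as exposed until it has been changed.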

Vendor URL:  www.netgear.com/product_view.asp?xrp=4&yrp=12&zrp=93
Cause:   Configuration error

Message History:   None.


 Source Message Contents

Subject:  External access to Netgear RP114 "firewall"




The NetGear Web Safe Router RP114 with current firmware (3.26) is vulnerable in its default configuration.

The router acts as a DHCP server for LAN clients and as a DHCP client on the external side. The IP address 192.168.0.1 is meant for local access, as DHCP server, DNS proxy, default gateway and administrative access with telnet and http.

Unfortunately the device answers on address 192.168.0.1 on the external side as well. This means that attackers in your neighbourhood can set their IP address to 192.168.0.x and they will have full access to your router with default username "admin" and default password "1234", using either telnet or http. They can configure the router's port forwarding to allow access to any computer on the inside that they wish to attack. If you can see your neighbours' broadcast traffic such as ARP requests then they are close enough to attack you.

In certain locations your security is even worse with this "firewall" than without, because the port forwarding in the router can be configured to circumvent Netbios filters that your ISP may have in place to protect you. The easiest way to prevent this attack is to change the password from "1234".

It might be possible for a distant attacker to spoof his IP address as 192.168.0.x, sending a telnet session blind to remove all filters, or using source routing.

It is possible that other devices using the ZyNOS firmware from Zyxel have similar problems.

The manufacturer Netgear has been contacted but they just ignored it.

Max.



Copyright 2019, SecurityGlobal.net LLC