Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Device (Router/Bridge/Hub)  >   Wireless Access Point (NETGEAR) Vendors:   NETGEAR
NETGEAR WG602 Has Default Undocumented Administrative Account
SecurityTracker Alert ID:  1010385
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Jun 7 2004
Original Entry Date:  Jun 3 2004
Impact:   User access via network
Exploit Included:  Yes  
Version(s): WG602 with Firmware Version 1.04.0
Description:   A vulnerability was reported in the NETGEAR WG602 Accesspoint. A remote user can gain administrative access on the device.

Tom Knienieder reported that the device contains an undocumented administrative account. The account username is "super" and the password is "5777364", the report said. A remote user can reportedly access the web interface and login to this account.

Jaco Swart reported that in firmware version 1.7.14 the username is "superman" and the password is "21241036".

Impact:   A remote user can login as an administrator.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Configuration error

Message History:   None.

 Source Message Contents

Subject:  Netgear WG602 Accesspoint vulnerability

KHAMSIN Security News
KSN Reference: 2004-06-03 0001 TIP

        The Netgear WG602 Accesspoint contains an undocumented
        administrative account.



The webinterface which is reachable from both interfaces (LAN/WLAN)
contains an undocumented administrative account which cannot be disabled.

Any user logging in with the username "super" and the password "5777364"
is in complete control of the device.

This vulnerability can be exploited by any person which is able to reach
the webinterface of the device with a webbrowser.

A search on Google revealed that "5777364" is actually the phonenumber
of z-com Taiwan which develops and offers WLAN equipment for its OEM

Currently it is unknown whether other Vendors are shipping products
based on z-com OEM designs.

Systems Affected

        Vulnerable (verified)
                WG602 with Firmware Version 1.04.0

        Possibly vulnerable (not verified)
                WG602 with other Firmware Versions
                All other z-com derived WLAN Accesspoints

Proof of concept

        Download the WG602 Version 1.5.67 firmware from Netgear
        ( )
        and run the following shell commands on a UNIX box:

        $ dd if=wg602_1.5.67_firmware.img bs=1 skip=425716 > rd.img.gz
        $ zcat rd.img.gz | strings | grep -A5 -B5 5777364

        Which results in the following output:

                super 			<---- Username
                5777364 		<---- Password


        This advisory does not claim to be complete or to be usable for
        any purpose. Especially information on the vulnerable systems may
        be inaccurate or wrong. Possibly supplied exploit code is not to
        be used for malicious purposes, but for educational purposes only.
        This advisory is free for open distribution in unmodified form.

KHAMSIN Security GmbH     Zuercherstr. 204 / CH-9014 St. Gallen


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC