[Full-Disclosure] Re: Netgear WG602 Accesspoint vulnerability

From: Lupe Christoph (lupe_at_lupe-christoph.de)
Date: 06/04/04

  • Next message: debian-security-announce_at_lists.debian.org: "[Full-Disclosure] [SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities"
    To: z3rosix@my-mail.ch
    Date: Fri, 4 Jun 2004 00:03:13 +0200
    
    

    On Thursday, 2004-06-03 at 19:35:22 +0200, Tom Knienieder wrote:

    > Possibly vulnerable (not verified)
    > WG602 with other Firmware Versions
    > WG602v2

    The WG602v2 uses different firmware.

    > Download the WG602 Version 1.5.67 firmware from Netgear
    > ( http://kbserver.netgear.com/support_details.asp?dnldID=366 )
    WG602v2 Firmware Version 2.0RC5:
    http://kbserver.netgear.com/support_details.asp?dnldID=504

    WG602v2 Repeater Firmware Version 3.2 RC6
    http://kbserver.netgear.com/support_details.asp?dnldID=692

    > and run the following shell commands on a UNIX box:

    > $ dd if=wg602_1.5.67_firmware.img bs=1 skip=425716 > rd.img.gz
    > $ zcat rd.img.gz | strings | grep -A5 -B5 5777364

    2.0RC5
    dd if=apfirmware_2.0rc5.img bs=1 skip=111596 of=rd.img.bz2

    3.2 RC6
    unzip wg602_v2_apfirmware_3.2rc6.zip
    dd if=apfirmware_3.2rc6.img bs=1 skip=112620 of=rd.img.bz2

    In both cases this:
      bzcat rd.img.bz2 | strings | egrep 'Authorization|BASIC|super|5777364'
    Returns some garbage, but nothing similar to your output. Also logging
    in with super/5777364 does not work with my unit (unknown firmware
    release - I forgot the password and have to reset the unit. But it's
    getting a little late here.)

    HTH,
    Lupe Christoph

    -- 
    | lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
    | "... putting a mail server on the Internet without filtering is like   |
    | covering yourself with barbecue sauce and breaking into the Charity    |
    | Home for Badgers with Rabies.                            Michael Lucas |
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    

  • Next message: debian-security-announce_at_lists.debian.org: "[Full-Disclosure] [SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities"