[NEWS] NETGEAR RT311/RT314 Cross-Site Issue
From: support@securiteam.com Date: 02/06/02
From: support@securiteam.com To: list@securiteam.com Date: Wed, 6 Feb 2002 18:31:18 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
NETGEAR RT311/RT314 Cross-Site Issue
------------------------------------------------------------------------
SUMMARY
NETGEAR's <http://www.netgear.com/product_view.asp?xrp=4&yrp=12&zrp=54>
RT311 Gateway Router provides the dynamic Internet connection.
NETGEAR's <http://www.netgear.com/product_view.asp?xrp=4&yrp=12&zrp=55>
RT314 combination switch and router creates the potent full-duplex
backbone.
Both of these products have been found to be vulnerable to a Cross Site
Scripting vulnerability.
DETAILS
Vulnerable systems:
Tested on NETGEAR RT314 running firmware versions 3.24 and 3.25. Any
hardware running this firmware is affected (RT-311 also runs the same
firmware). Any product running ZyXel-RomPager web server 3.02 or earlier
is probably also vulnerable.
The NETGEAR Router (FW version 3.25) runs a web server
(ZyXEL-RomPager/3.02) for easy user configuration. This web server is
vulnerable to the standard Cross Site Scripting problems seen in multiple
web servers. Though it may be difficult to exploit (an attacker would need
to know the internal address of the victim's router), it still opens the
possibility that an attacker could run a 'social engineering' attack and
gain unauthorized access to the router, possibly reconfiguring it to allow
remote access.
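The version threshold stated under "Vulnerable systems" can be applied to device inventory data. The following is an added example, not part of the original advisory: it reads the Server header from stored HTTP responses and flags RomPager 3.02 or earlier. The function names, status labels and sample responses are assumptions constructed for illustration, and a banner match only indicates the version, it does not confirm the flaw.

```python
import re

# From the advisory: ZyXEL-RomPager 3.02 or earlier is probably vulnerable.
AFFECTED_MAX = (3, 2)
_ROMPAGER = re.compile(r"\bRomPager/(\d+)\.(\d+)", re.IGNORECASE)


def server_header(raw_response: bytes):
    """Extract the Server header value from a raw HTTP response, or None."""
    # Only the header block counts; a banner string in the body is ignored.
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def classify(banner):
    """Map a Server banner to a triage status for this advisory."""
    match = _ROMPAGER.search(banner or "")
    if not match:
        return "not-rompager"
    version = (int(match.group(1)), int(match.group(2)))
    return "probably-affected" if version <= AFFECTED_MAX else "newer-than-advisory"


def triage(captures):
    """captures: {host: raw HTTP response bytes} -> {host: status}."""
    return {host: classify(server_header(raw)) for host, raw in captures.items()}


# Constructed sample responses (documentation addresses, not real devices).
SAMPLES = {
    "192.0.2.1": b"HTTP/1.1 401 Unauthorized\r\nServer: ZyXEL-RomPager/3.02\r\n\r\n",
    "192.0.2.2": b"HTTP/1.0 200 OK\r\nSERVER: RomPager/4.07 UPnP/1.0\r\n\r\n<html>",
    "192.0.2.3": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nServer: RomPager/2.10",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLES).items():
        print(host, status)
```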
Example:
To check NETGEAR devices for CSS, simply access the following URL in a
browser:
http://
If you receive a JavaScript pop-up alert, the system is vulnerable to
Cross Site Scripting.

Vendor Status:
Vendor was contacted on 1/5/2002 (support@netgear.com), but did not
respond.

Workaround:
As indicated on www.netgear.org, an unofficial web site dedicated to
NETGEAR's popular RT311 and RT314, it is possible to disable their HTTP,
FTP, and Telnet daemons using the hack below.

Disabling Internal HTTP, FTP, and telnet Server of the NETGEAR to protect
it from all connection

Warning: This solution will disable TCP connection to NETGEAR box
completely (both LAN & WAN). You can make the change while you have an
active telnet connection, but as soon as you disconnect, you will not be
able to access the box via any TCP connection again (until reboot).
Routing functions work properly however.

Go to 24.8 (CLI) interface and enter:
ip tcp mss 0

This will remain effective until reboot. If you want this permanent, you
need to modify the autoexec.net file on the router. You can edit
autoexec.net via the following command.
sys edit autoexec.net

This is a line editor. Find the line that reads "ip tcp mss 512" and
replace 512 with 0. After reboot, you will only access the router via
serial cable. If you do not have a serial cable, do not do this!

THIS WILL ALSO BLOCK DDNS UPDATE. IF YOU USE DDNS, DO NOT USE THAT TWEAK!

ADDITIONAL INFORMATION
The information has been provided by <mailto:sq@cirt.net> sq, Tolunay
from dslreports.com, <mailto:bugtrack@mail.ru> Rzac`.

========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.