External access to Netgear RP114 "firewall"

From: auto353237@hushmail.com
Date: 06/17/02


From: auto353237@hushmail.com
To: bugtraq@securityfocus.com
Date: Mon, 17 Jun 2002 05:13:36 -0700


The NetGear Web Safe Router RP114 with current firmware (3.26) is vulnerable in its default configuration.

The router acts as a DHCP server for LAN clients and as a DHCP client on the external side. The IP address 192.168.0.1 is meant for local access, as DHCP server, DNS proxy, default gateway and administrative access with telnet and http.

Unfortunately the device answers on address 192.168.0.1 on the external side as well. This means that attackers in your neighbourhood can set their IP address to 192.168.0.x and they will have full access to your router with default username "admin" and default password "1234", using either telnet or http. They can configure the router's port forwarding to allow access to any computer on the inside that they wish to attack. If you can see your neighbours broadcast traffic such as ARP requests then they are close enough to attack you.

In certain locations your security is even worse with this "firewall" than without, because the port forwarding in the router can be configured to circumvent Netbios filters that your ISP may have in place to protect you. The easiest way to prevent this attack is to change the password from "1234".

It might be possible for a distant attacker to spoof his IP address as 192.168.0.x, sending a telnet session blind to remove all filters, or using source routing.

It is possible that other devices using the ZyNOS firmware from Zyxel has similar problems.

The manufacturer Netgear has been contacted but they just ignored it.

Max.

Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople