nessus · This script is Copyright (C) 2004-2021 Tenable Network Security, Inc. · NETGEAR_HIDDEN_PASSWORD.NASL
HistoryJun 03, 2004 - 12:00 a.m.

NETGEAR Wireless Access Point Hardcoded Default Password

2004-06-03 00:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
29

NETGEAR ships at least one device with a built-in administrator account. This account cannot be changed via the configuration interface and enables a remote attacker to control the NETGEAR device.

To duplicate this error, simply point your browser to a vulnerable machine, and log in (when prompted) with :

userid = super, password = 5777364

or :

userid = superman, password = 21241036

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Metadata registration. When `description` is set, the script only declares
# its identifiers, advisory text, scoring and run conditions, then exits;
# no request is sent to the target from this block.
if (description)
{
 script_id(12258);
 script_version("1.32");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

 # Two CVE ids are listed, and the description below names two credential
 # pairs. NOTE(review): which id belongs to which pair is not stated here.
 script_cve_id("CVE-2004-2556", "CVE-2004-2557");
 script_bugtraq_id(10459);

 script_name(english:"NETGEAR Wireless Access Point Hardcoded Default Password");
 script_summary(english:"NETGEAR Hidden Password Check.");

 script_set_attribute(attribute:"synopsis", value:
"The remote network device can be accessed using an undocumented
administrative account.");
 # The description states the account cannot be changed through the
 # configuration interface, so changing the operator's own password does
 # not remove the exposure.
 script_set_attribute(attribute:"description", value:
"NETGEAR ships at least one device with a built-in administrator
account. This account cannot be changed via the configuration
interface and enables a remote attacker to control the NETGEAR device.

To duplicate this error, simply point your browser to a vulnerable
machine, and log in (when prompted) with :

  userid = super
  password = 5777364

or :

  userid = superman
  password = 21241036");
 # The see_also values are shortened links; presumably each resolves to the
 # URL given in the comment directly above it.
 # http://web.archive.org/web/20121129214456/http://archives.neohapsis.com/archives/bugtraq/2004-06/0036.html
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5f60b305");
 # http://liveweb.archive.org/http://archives.neohapsis.com/archives/bugtraq/2004-06/0077.html
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d45141a1");
 # https://slashdot.org/story/04/06/08/1319206/netgears-amusing-fix-for-wg602v1-backdoor
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?24193259");
 # The only mitigation offered is to reduce exposure of the web interface
 # (disable it or filter it upstream) until the vendor supplies a fix.
 script_set_attribute(attribute:"solution", value:
"Contact vendor for a fix. As a temporary workaround, disable the web
server or filter the traffic to the NETGEAR web server via an upstream
firewall.");
 # NOTE(review): both base vectors score integrity impact only (C:N, A:N),
 # while the description says the account lets a remote attacker control
 # the device. Confirm the scoring is intentional before using it for
 # prioritisation.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
 script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
 script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:U/RC:X");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"vuln_publication_date", value:"2004/06/03");
 script_set_attribute(attribute:"plugin_publication_date", value:"2004/06/03");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe",value:"cpe:/h:netgear:wg602");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");

 # Run conditions: the NETGEAR web interface must already have been
 # identified by netgear_www_detect.nbin ("installed_sw/Netgear WWW").
 # The plugin is excluded when the scan is limited to user-supplied
 # logins, because the check authenticates with the vendor's built-in
 # accounts.
 script_dependencies("netgear_www_detect.nbin");
 script_exclude_keys("global_settings/supplied_logins_only");
 script_require_keys("installed_sw/Netgear WWW");
 script_require_ports("Services/www", 80);

 exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("install_func.inc");
include("misc_func.inc");
include("http.inc");

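# Check body: verifies that the NETGEAR web interface asks for
# authentication, then tries the two built-in accounts named in the
# advisory and reports each one the device accepts.

# Honor the scan policy: when only user-supplied logins may be used, do not
# try the vendor's built-in accounts.
if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);

get_install_count(app_name:"Netgear WWW", exit_if_zero:TRUE);
port = get_http_port(default:80, embedded:TRUE);
install = get_single_install(app_name:"Netgear WWW", port:port);

# Precondition: the start page must answer 401/403 without credentials.
# If it is served openly, a later "200 OK" would say nothing about the
# built-in accounts, so stop here.
res = http_get_cache(port: port, item: "/", exit_on_fail: TRUE);
if (!pgrep(string:res, pattern:"HTTP/.* 40[13] "))
{
  exit(0, "Start page is not protected on port "+port);
}

# Built-in accounts from the advisory; u[] and p[] are parallel arrays.
i = 0;
u[i] = "superman"; p[i++] = "21241036";
u[i] = "super"; p[i++] = "5777364";

# Tracks whether any account was accepted, so that the "not affected"
# message below is only emitted when nothing was reported.
found = FALSE;

for (i = 0; ! isnull(u[i]); i ++)
{
  w = http_send_recv3(method:"GET", item:"/", port: port, username: u[i], password: p[i], exit_on_fail: TRUE);
  # w[0] is the status line; "200 OK" on a page that previously demanded
  # authentication is taken as a successful login.
  # NOTE(review): a device that answers 200 OK to any credentials would
  # also be flagged; a control request with credentials that cannot be
  # valid would rule that out.
  if ("200 OK" >< w[0])
  {
    found = TRUE;
    report =
      '\nNessus was able to gain access to the administrative interface using' +
      '\nthe following information :' +
      '\n' +
      '\n  URL      : ' + build_url(qs:"/", port:port) +
      '\n  User     : ' + u[i] +
      '\n  Password : ' + p[i] + '\n';
    security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
  }
}

# A finding was already reported: exit without the "not affected" message,
# which would otherwise contradict the report in the scan log.
if (found) exit(0);

exit(0, "The web server listening on port "+port+" is not affected.");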
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| netgear | wg602 | | cpe:/h:netgear:wg602 |