NETGEAR WG602 Wireless Access Point Default Account

2004-06-03T02:53:22
ID OSVDB:6743
Type osvdb
Reporter Tom Knienieder
Modified 2004-06-03T02:53:22

Description

Vulnerability Description

The NetGear WG602 WAP contains a default administrative account which cannot be disabled. Depending on the firmware version, the default account "superman" or "super" has the password "21241036" or "5777364" respectively. Although some firmware versions may not be affected, both passwords are publicly known and documented. Anyone who knows these credentials can trivially gain administrative access to the device.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. The vendor has reportedly changed the default login and passwords used for the affected products.

References:

Secunia Advisory ID: 11773
Mail List Post: http://www.securityfocus.com/archive/1/365069
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/0036.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/thread.html#36
ISS X-Force ID: 16312
Generic Informational URL: http://slashdot.org/articles/04/06/08/1319206.shtml?tid=126&tid=172
CVE-2004-2556
CVE-2004-2557
CIAC Advisory: o-159
Bugtraq ID: 10459