NETGEAR DG834G setup.cgi Debug Mode Local Net Access

2004-08-12T07:29:52
ID OSVDB:9073
Type osvdb
Reporter thanasonic(thanasonic@hack.gr)
Modified 2004-08-12T07:29:52

Description

Vulnerability Description

Netgear DG834G routers contain a flaw that may allow an attacker on the local network to gain access. The issue is due to the setup.cgi script allowing 'debug' mode access which starts the telnet service on TCP port 23. Once activated, an attacker can telnet to the router and gain full access without further authentication. This can only be done from the local network space.

Technical Description

This vulnerability can only be exploited from the local network. The administrative interface answers on the local network private IP space (ie: 192.168.0.1) and is not internet addressable by default.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: ensure the administrative interface is protected via .htaccess

Short Description

Netgear DG834G routers contain a flaw that may allow an attacker on the local network to gain access. The issue is due to the setup.cgi script allowing 'debug' mode access which starts the telnet service on TCP port 23. Once activated, an attacker can telnet to the router and gain full access without further authentication. This can only be done from the local network space.

Manual Testing Notes

http://[victim]/setup.cgi?todo=debug

References:

Vendor URL: http://www.netgear.com/ Related OSVDB ID: 9074 Packet Storm: http://packetstormsecurity.org/filedesc/netgearDG834G.txt.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0197.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0201.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0181.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0194.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0198.html ISS X-Force ID: 16981 Bugtraq ID: 10935