VID 29072
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The NetGear device has the default administrative password set for external access.
The device uses the address 192.168.0.1 on the internal network and ships with the default password "password" or "1234" for the default "admin" account. Using these credentials over the telnet or HTTP port, a remote attacker can access the external interface and gain administrative access to the device. To exploit this vulnerability successfully, a remote attacker (on the external side of the device) must be on a local or near-local network that will route 192.168.x.x addresses to the device.

* References:
http://www.securitytracker.com/alerts/2002/Jun/1004559.html
http://archives.neohapsis.com/archives/bugtraq/2002-06/0177.html

* Platforms Affected:
RT311, RT314, RP114, MR314, RO318 Cable/DSL Routers (admin/1234)
NETGEAR FR314, FR318, FV318 Firewall Routers (admin/password)
FVS318 Prosafe VPN Firewall (admin/password)
DG814 ADSL Modem/Router (admin/password)
FR114P, FR114W, FM114P Prosafe Firewall Routers (admin/password)
Recommendation No vendor-supplied patch is available for this vulnerability as of June 2014.

As a workaround, change the default administrator password to a strong password.
Related URL (CVE)
Related URL 5036 (SecurityFocus)
Related URL 9371 (ISS)