| VID |
29087 |
| Severity |
40 |
| Port |
80 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The NetGear WG602 access point contains a built-in administrator account. NetGear WG602 devices prior to version 2 contain a hidden administrative account that cannot be changed via the configuration interface. A remote attacker could use this vulnerability to gain unauthorized access to the affected device. The accounts below are the default administrative accounts:
  Username: super, Password: 5777364
  Username: superman, Password: 21241036
* References:
  http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0049.html
  http://www.securityfocus.com/archive/1/365292
  http://www.securityfocus.com/archive/1/365150
  http://www.securityfocus.com/archive/1/365157
  http://www.securityfocus.com/archive/1/365230
  http://www.securityfocus.com/archive/1/365309
  http://www.securityfocus.com/archive/1/365303
* Platforms Affected: NETGEAR WG602 Any version |
| Recommendation |
If the NetGear web interface is not needed, disable its web server.
-- OR --
Upgrade to the latest version of NetGear WG602 (2 or later), available from the NetGear Web site at http://www.netgear.com/products/prod_details.php?prodID=170 |
| Related URL |
(CVE) |
| Related URL |
10459 (SecurityFocus) |
| Related URL |
16312 (ISS) |
|