| VID | 29105 |
| Severity | 40 |
| Port | 2601 |
| Protocol | TCP |
| Class | TELNET |
| Detailed Description | The host appears to be a Netgear DG834G device that still uses a default password. The Netgear DG834G is a wireless firewall, router, and switch for DSL connections. Netgear DG834G devices ship with a default password, 'zebra', for their Zebra process. Zebra is a dynamic routing daemon with a telnet-accessible configuration shell, and it listens on both the WAN and the internal network interfaces. By gaining administrative access to Zebra, an attacker can modify network routes on the device, possibly redirecting traffic or denying network service to legitimate users. References: http://www.securityfocus.com/archive/1/371575 and http://packetstormsecurity.org/filedesc/netgearDG834G.txt.html. Platforms Affected: Netgear DG834G, any version. |
| Recommendation | Edit zebra.conf and change the default password to a value that is difficult to guess. |
| Related URL | (CVE) |
| Related URL | 10935 (SecurityFocus) |
| Related URL | 16981 (ISS) |