Family: CGI abuses --> Category: infos
NetGear Hidden Password Check Vulnerability Scan
Vulnerability Scan Summary NetGear Hidden Password Check
Detailed Explanation for this Vulnerability Test
NetGear ships at least one device with a built-in administrator
account. This account cannot be changed via the configuration
interface and enables a remote attacker to control the NetGear
device.
To duplicate this error, simply point your browser to a vulnerable
machine, and log in (when prompted) with
userid = super
password = 5777364
or
userid = superman
password = 21241036
See also:
http://archives.neohapsis.com/archives/bugtraq/2004-06/0036.html
http://archives.neohapsis.com/archives/bugtraq/2004-06/0077.html
http://kbserver.netgear.com/kb_web_files/n101383.asp
Solution: Contact vendor for a fix. As a temporary workaround,
disable the webserver or filter the traffic to the NetGear webserver
via an upstream firewall.
Threat Level: High