Netgear DG834G remote access vulnerability

[joema]

just thought you would like to know:

http://www.packetstormsecurity.org/filedesc/netgearDG834G.txt.html

unfortunately not much info, but i will try get some more, or if someone else has access to said info they could post it here.

 

[joema]

here is some more info:

http://seclists.org/lists/bugtraq/2004/Aug/0184.html

Quote:

------------------------------------------

By opening http://192.168.0.1/setup.cgi?todo=debug you enable the router's debug mode.Then you just telnet at 192.168.0.1 at port 23 and then you have a root shell.

Also i found that if you just telnet to 192.168.0.1 2602 you will get a prompt from the service ZEBRA that is running on the router.By giving "zebra" as password *which is the default password* you got also a root shell.
------------------------------------------------------------

there ya go

 

[jcorreia]

Are these hardware or are they fixable if the software of the router is fixed?

Thanks
Jose

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote"><i>Originally posted by joema</i>
<br />just thought you would like to know:

http://www.packetstormsecurity.org/filedesc/netgearDG834G.txt.html

unfortunately not much info, but i will try get some more, or if someone else has access to said info they could post it here.
<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">

 

[georgelza]

all i can think of is to disable remote admin?

comment?

G

You Have The Obligation to Inform One Honestly of the risk, And As a Person
You Are Committed to Educate Yourself to the Total Risk In Any Activity!
Once Informed & Totally Aware of the Risk,
Every Fool Has the Right to Kill or Injure Themselves as They See Fit!