NetGear Also Has Remote Access Wide Open

huh? by schroet · 2004-06-05 02:30 · Score: 4, Insightful

you can turn off the external web interface on those things right? I guess that doesn't help if you're worried about crackers on your LAN but still, it may not be as bad as it sounds.

Undocumented = bad though,

Re:huh? by RidiculousPie · 2004-06-05 02:36 · Score: 4, Informative

This vulnerability can be exploited by any person which is able to reach the webinterface of the device with a webbrowser.
It would appear that if the webinterface is disabled, the device cannot be compromised.

--
ah, mod points ... now where is my crack?

Don't you mean.. by Sadiq · 2004-06-05 02:31 · Score: 5, Funny

"The backdoor seems to have been created by the vendor that used to package devices for NetGear"

--
SysWear - Geek T-shirts (UK/Europe)

Fixed in new firmware, available here: by Anonymous Coward · 2004-06-05 02:32 · Score: 5, Informative

http://kbserver.netgear.com/support_details.asp?dn ldID=735

Re:Fixed in new firmware, available here: by abscondment · 2004-06-05 02:41 · Score: 3, Interesting

That's all nice and well, but the average user isn't going to upgrade at all. A good deal of them never even set the admin password in the first place.

Take the guy in my apartment, for instance. I'm using his wireless. His AP is totally open--default SSID and all. I know he doesn't care, but what if he were a business? There's no way he's going to upgrade firmware if he can't even set a simple password.
Re:Fixed in new firmware, available here: by gbjbaanb · 2004-06-05 02:44 · Score: 2, Informative

Helps if the URL doesnt have a space in it. Hmm.. slashdot seems to be mangling it. Note: there should be no space in the following URL.
http://kbserver.netgear.com/support_details.asp?dn ldID=735
"WG602 Firmware Version 1.7.14

Bug Fixes

Fixed: Lost connections during heavy traffic
Improved system reliability under heavy traffic
Fixed illegal user access the WEB configuration utility.
Known Bugs and Feature Limitations

WPA is not supported.
Wireless Bridging and repeating functions are not supported. "
Re:Fixed in new firmware, available here: by I+confirm+I'm+not+a · 2004-06-05 03:05 · Score: 4, Funny

Thanks, just downloaded and upgraded.

(Off topic: was anyone else disappointed that the "super" login didn't make the web control panel reveal easter eggs? I mean, you just had to try it while you were upgrading, right?)

--
This is where the serious fun begins.
Re:Fixed in new firmware, available here: by platypussrex · 2004-06-05 04:09 · Score: 2, Funny

Fixed illegal user access the WEB configuration utility.

Now if they only had a grammar checker!
Re:Fixed in new firmware, available here: by Paradise+Pete · 2004-06-05 04:53 · Score: 2, Funny

Helps if the URL doesnt have a space in it. Hmm.. slashdot seems to be mangling it.
How To Make a Clickable URL
1. Type <a href = "">
2. Insert the URL between the quotation marks.
3. To the right of the closing angle bracket, type the text you'd like the link to say.
4. Finish with </a>
Done.
P.S. No ...Profit!!! jokes, please.
Re:Fixed in new firmware, available here: by Chucky+B.+Bear · 2004-06-05 07:10 · Score: 5, Informative

I've just upgraded to the latest firmware. It is NOT FIXED!!!! They have simply gone and changed the username and password to something else. There is STILL a default superuser account with password.
(You can find it yourselve by just taking similiar steps as in the securityfoces article.)

One wonders what the internal policies are ... by xmas2003 · 2004-06-05 02:33 · Score: 4, Insightful

I think everyone can agree that backdoor passwords are a BAD idea - makes one wonder what the internal policies are at these companies - and what happens when they do a source code audit after these are found and track down the programmers who put 'em in.

--
Hulk SMASH Celiac Disease

Re:One wonders what the internal policies are ... by djsmiley · 2004-06-05 02:36 · Score: 2, Insightful

they are normally there for the company to protect them selfs.

Stupid user messes up the router.

They phone tech support "i can't get onto my routers access page, i changed and lost the password"...

"two seconds sir, prove this is your ip"

they run some tests to check its whos on the phone..

"there you go sir, your new password is ******, you may now change the settings again"....

You ever tried to talk to a noob thru flashing the firmware on their router over the phone?

--
- http://www.milkme.co.uk
Re:One wonders what the internal policies are ... by Trigun · 2004-06-05 02:36 · Score: 5, Funny

There's a backdoor in the software auditing software. The programmer is safe.
Re:One wonders what the internal policies are ... by BigHungryJoe · 2004-06-05 02:37 · Score: 3, Informative

Everyone but the vendors knows it's a bad idea. Cisco recently made the same mistake.
Re:One wonders what the internal policies are ... by AntiOrganic · 2004-06-05 02:39 · Score: 4, Insightful

This is absolutely idiotic. All routers have a default username/password combination that is restored when using the firmware reset button typically hidden on the back of the router. There is no reason to create an administrative backdoor for this purpose when there's a readily-accessible password reset feature built into the device.
Re:One wonders what the internal policies are ... by Fulcrum+of+Evil · 2004-06-05 03:04 · Score: 4, Interesting

There is no reason to create an administrative backdoor for this purpose when there's a readily-accessible password reset feature built into the device.

Sure there is. The reset button will nuke the configuration, the logs, and whatever else state is there, thus confounding debugging by the tech support. A single password is stupid, though. What's needed is something that requires the router s/n, the router's idea of the date, and a passcode generator from cisco. Give the aforementioned info to cisco TS and they can generate a 1 or 2 hour passcode for your router. You could also add a switch to enable this feature on the router itself, but that may not be practical.

--
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
Re:One wonders what the internal policies are ... by John+Starks · 2004-06-05 03:56 · Score: 2, Interesting

Confounding debugging by tech support? First of all, we're talking about a consumer product here. Tech support is not going to be logging in to see why RADIUS authentication is not working or to troubleshoot some advanced routing issues. In fact, when users call in having forgot their password, I suspect tech support will just tell them to use the reset feature; it's far easier than trying to find out a consumer's IP address.

No, you cannot justify this. Even if there was some kind of two-hour password, it would be a huge security problem. For example, if I'm using one of these to protect my network, and you have a couple thousand bucks lying around, I'm sure you could convince someone at Netgear to give you a two-hour password without a problem. A single password is even more heinous.

Yes, I will no longer be buying Netgear products.
Re:One wonders what the internal policies are ... by jtheory · 2004-06-05 04:10 · Score: 4, Insightful

Sure there is. The reset button will nuke the configuration, the logs, and whatever else state is there, thus confounding debugging by the tech support. A single password is stupid, though. What's needed is something that requires the router s/n, the router's idea of the date, and a passcode generator from cisco. Give the aforementioned info to cisco TS and they can generate a 1 or 2 hour passcode for your router. You could also add a switch to enable this feature on the router itself, but that may not be practical.

I'm not convinced. This is only a concern in cases where you're having technical problems, AND you somehow forgot your password. The danger of having a backdoor easily outweighs the potential benefits. Even with a special password generator from NetGear -- you're still talking security through obscurity. I want to set up my router, make sure it's secure, and forget about it! I don't want to keep checking online to see if you can download N3tg34r_PwG3n.exe yet... and you know it's going to show up eventually.

Half the time you have any technical issues, the tech support is just going to tell you to do a hard reset anyway....

Even if they gave you one of those paperclip-hole style buttons that would reset all your passwords to your device's serial number (or to enable some other backdoor), this would still be dangerous in a lot of situations. Suppose you're running an internet cafe -- you can't always trust the people sitting around your router!

Either way, I don't think this backdoor was installed for tech support reasons -- it doesn't even seem to have been installed by NetGear themselves. Hopefully some more details will come out soon... and hopefully some heads will roll.

It's funny; I just read that new story by the AdTI guy explaining how Linux wasn't safe to use because it depended on "trust". Hah! How nice for the corporate world to step forward and show that *they* can be trusted.

--
There are only 10 types of people: those who understand decimal, those who don't, and, uh, 8 other types I forget.
Re:One wonders what the internal policies are ... by Dun+Malg · 2004-06-05 04:28 · Score: 3, Insightful

. . .what happens when they do a source code audit after these are found and track down the programmers who put 'em in.
I believe that's "give them a bonus and a company car."
These back doors are not trojans installed by disgruntled employees, but there by company policy.
I'm always astounded when others are astounded by the existence of back doors in things. Pretty much anything that takes a password has a backdoor in it. Phone systems, voicemail systems, even those telephone entry systems on apartment buildings; all got back doors. Tech support is hard enough already without having to deal with unknown passwords. Some are better than others, though. Sentex telephone entry systems have back door passwords that are a hash of the unit's serial number, and only Sentex tech support has access to the program that generates them. Not that one usually needs the backdoor; most Sentex units I see still use the factory password "000000"...

--
If a job's not worth doing, it's not worth doing right.
Re:One wonders what the internal policies are ... by Ifni · 2004-06-05 05:16 · Score: 2, Insightful

They are actually not that bad an idea IF implemented properly. It is a fact of tech support that some hapless user will lock themselves out of their own box.

I think the best solution I've seen is from Intel for their 530T/535T series switches, where you can download a software utility that will generate a default password for your switch when you enter in the MAC address of the switch's management module. This password ONLY works from the console (requiring physical access to the switch, or root access to a console sharing device attatched to it).

I was thinking that if they upped this to also be time dependant, it would increase the security even more, but this is wrong for two reasons - a) if the switch is hosed, there's no telling what time it thinks it is, and b) anyone capable of generating a password the first time would be able to generate it again a second time for another x minute "safety window".

Of course, this begs the question - what is the difference between using a tool like this and just not requiring a password when logging in from the console?

--
Oh, was that my outside voice?
Re:One wonders what the internal policies are ... by Rinikusu · 2004-06-05 05:40 · Score: 2, Insightful

If your router is out in the open, you're still fucked.

Personally, all of this makes it MORE COMPLEX than it has to be. Assume physical "control" of the device and ensure that only people with physical access can trigger the pinhole reset or whatever. Why? Because if someone has physical control of your router/box, you've got more serious problems at hand. The problem with the grandparent is that there's TOO MUCH FUCKING COMPLEXITY. You think tech support is hell now? Wait until you have to call support to get your temporary passcode, after being on hold for a couple hours and then explaining your problem to some outsourced tech whose accent is so strong you can't even understand them, having to call back when you fuck something else up unintentionally in the process, etc etc.

Again, if you're a coffee house, keep your damn routers in the back, out of customer's (and your) way. Maybe someone could do brisk business selling router "safes" that only have a couple holes for cabling in the back, but require a key to open up to access.

--
If you were me, you'd be good lookin'. - six string samurai

Just another reason by Anonymous Coward · 2004-06-05 02:35 · Score: 2, Insightful

why outsourcing(esp. when security should be a key component of your product) can be a bad idea. The article states that the password is the phone # of the place in Taiwan that develops and manufactures the device.
They never thought to check this before distributing it, and now they suffer because of poor quality control. Is the outsourcer going to suffer? Maybe, or maybe they will just move on to the next contract. We shall see.

Re:Just another reason by kfg · 2004-06-05 02:56 · Score: 4, Insightful

This isn't outsourcing in the sense that IBM outsources its programing and support staff. It's oursourcing in the sense that your Raleigh bicycle is actually a Giant with a Raleigh sticker on.

It isn't even really outsourcing in the sense that Dell oursources its video cards to ATI, its cpus to Intel and its CD drives to LG, which is all perfectly legitimate. Would you really expect Dell to make its cpus and capacitors?

You buy stuff and market it.

z-com is the actual manufacturer and they sell their products to marketers. Netgear just buys the stuff and resells it.

Just like you could go to z-com and have them slap some stickers on stuff for you to resell. Or Giant. Or whoever makes Levis and Calvin Klien jeans in China. Or. . .

This isn't about "outsourcing." This about a marketing firm getting stuck with some bad product.

KFG
Re:Just another reason by crazy+blade · 2004-06-05 03:26 · Score: 2, Insightful

You hve a point. But I still wouldn't take them off the hook so fast. This seems to indicate that NetGear should require a "no backdoors inside" guarantee on such contracts.

--
To err is human, but to forgive is beyond the scope of the Operating System...
Re:Just another reason by kfg · 2004-06-05 04:02 · Score: 2, Interesting

I still wouldn't take them off the hook so fast.

Who said anything about taking them off the hook? As the marketer it is Netgear that is directly responsible to their customers.

As the manufacturer it is z-com that is responsible to its customers, in this case, Netgear. There is a hierarchy of customers here in which Netgear in in the middle. The man in the middle is often the one to get squashed.

This seems to indicate that NetGear should require a "no backdoors inside" guarantee on such contracts.

Yes, it would, wouldn't it? And I'm sure in future it will, at least in essence, but is it not always the case that you find out what your contract should have said after it goes bad on you somehow?

But look at it this way. What if you were going into the white box business about the time of release for the Pentium II chip, would your "contract" with Intel have a "no floating point calculation errors" clause, or would it more likely be a simple receipt for the deliver of and payment for 1000 cpus?

And when the bug hit the public and people demanded a fix from you wouldn't you have considered it Intel's error and Intel's problem?

And what would you put into your "contract" with Intel on your next cpu purchase to protect you from the next, and currently unknown, issue?

When you buy your next car will you demand a "won't blow up on me" clause to your contract, or do you simply consider that issue part of the already extant express and implied guaruntee that attaches to the car? The latter is certainly the way the courts view it.

You buy stuff. You get a receipt.That stuff has certain express and implied guaruntees attached to it just like anything else. You resell it with express and implied guaruntees. If the stuff turns out to be bad in some way your customers bitch to you and you have to make good. You are also a customer, of your supplier, so you bitch to them and they have to make good.

That's just the way the buying and selling business works.

KFG

The problem of convinience by luvirini · 2004-06-05 02:36 · Score: 5, Insightful

This is a general problem when you buy ready made solutions in the form of "boxes" , you cannot be fully sure of anything inside so it is basically a question of trust.

For example firewalls:

Question 1: how do you know the box firewall you bought is secure and no backdoors?

Answer: normally you do not.

Question 2: Why do majority ofpeople buy those instead of making their own?

Answer: Because it is a lot more convinient

So instead of spending time to build something, most people want to just get something that works and thus have to just trust the vendors, as they do not have the skill/time/inclanation/will etc to do it themselves.

Re:The problem of convinience by Temporal · 2004-06-05 02:59 · Score: 4, Insightful

Question 1: How do you know the CPU you bought is secure and has no code-modifying backdoors?

Answer: Normally you do not.

Question 2: Why do the majority of people buy those instead of manufacturing their own?

Answer: Because it is a lot more convenient.

Any piece of hardware can have a backdoor in it, really. If anything, you're probably safer buying the system all in one piece, because:

1) A packaged system built by a respected company is likely to be far better reviewed and tested than something you assemble/install yourself.

2) If it has a hole, you know exactly whom to blame (and perhaps sue for damages, if exploited).
Re:The problem of convinience by evilviper · 2004-06-05 03:26 · Score: 2, Insightful

Question 2: Why do majority ofpeople buy those instead of making their own?

Answer: Because it is a lot more convinient

I have a better answer... Because 99.9% don't realize there could be a security problem with it. I don't worry about security when I buy a washing machine or a TV, and that's about how most people view "box" devices.

Also, I would add that it's more than convience, since most people wouldn't be able to configure a computer to be a firewall if their life depended upon it. Maybe a custom OpenBSD distro is in order... One that will configure a firewall on it's own, and use good defaults for everything, so it needs no configuration for most people. But then again, you don't really know that software isn't back-doored either... You've got to trust somebody...

--
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Re:The problem of convinience by Jay9333 · 2004-06-05 03:31 · Score: 2, Insightful

Question 1: how do you know the box firewall you bought is secure and no backdoors?
Answer: normally you do not.
Question 2: Why do majority ofpeople buy those instead of making their own?
Answer: Because it is a lot more convinient
So instead of spending time to build something, most people want to just get something that works and thus have to just trust the vendors, as they do not have the skill/time/inclanation/will etc to do it themselves.
No one has the time to examine every line of every piece of software (or hardware/firmware) they use that could potentially contain a vulnerability. It is impossible. That is why you only use software that has been in the community (open-source or closed) long enough to where it is generally trusted by experts and laymen alike. That is no guarantee, but that is the best one possible. Shit happens.
Re:The problem of convinience by Harodotus · 2004-06-05 05:50 · Score: 4, Informative

Smoothwall is exactly that, a custom Linux distro with boot-from-cd install that only requires you to hit "enter" a couple dozen times to turn any old 2 nic pc into a pre-configured modern firewall with internal NAT and DHCP.

I use it and find it very handy (lots of old PC hardware about)

--
Its not users who are broken, it's systems not taking account their likely behaviour and fixing it technically.

taiwan, eh? by abscondment · 2004-06-05 02:36 · Score: 5, Funny

A search on Google revealed that "5777364" is actually the phonenumber of z-com Taiwan which develops and offers WLAN equipment for its OEM customers.

This number, surprisingly enough, is also the total amount of wooden furniture shipped from Malaysia to Bahrain in 1998. Conpsiracy! Conspiracy!

Re:taiwan, eh? by AbbyNormal · 2004-06-05 03:39 · Score: 2, Funny

Also my luggage combination....MUha ha ha ha ha.

Oh, nevermind.

--
Sig it.

Possibilities. by alexatrit · 2004-06-05 02:37 · Score: 5, Interesting

It's possible that that this goes on a whole lot more than we'd like to admit. Just yesterday I was talking to a friend who called Dell technical support about her BIOS password on an Inspiron 5000. She had forgotten it, and couldn't access her settings. Unlike the old days where you'd crack open the box and to the BIOS jumper switch, Dell provided her with a 6 character BIOS password that magically unlocked her system.

--

Nothing but the finest in meaningless drivel

Re:Possibilities. by alexatrit · 2004-06-05 02:47 · Score: 5, Informative

I stand corrected, here.

"The only way to clear the BIOS password is with a Master Reset Password provided by Dell for that Model No. and they will not give you the master unless you can give them the name. address and telephone of the registered owner. However the password is universal for all laps with the same model no., so if you know someone who is a registered owner, you can call Dell and get the master."

Reference here. That being said, the master for an Inspiron 5000 is BLVJCH. Booyah!

--

Nothing but the finest in meaningless drivel
Re:Possibilities. by evilviper · 2004-06-05 03:18 · Score: 2, Interesting

That's not good, but it's far better than the other extreme. IBM claims there is no way to clear a BIO password on their laptops, so lots of people on ebay or other sites are buying expensive IBM paperweights. Now, I know for a fact that the password can be recovered and/or resetted easily with some basic equipment, but IBM continues to insist that only a motherboard replacement will due, and they charge you the full-price of a mobo just because of a stupid BIOS password. One has to wonder if they are charging you, then resetting the password on your original mobo and selling it again to someone else...

--
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant

Re:No backdoors with BSD! by Trigun · 2004-06-05 02:41 · Score: 5, Funny

best line i could think of was "why do you come back and try my new kernal on...

You should try my pick-up line: Excuse me miss, but does this rag smell like chloroform?

Works every time.

Packaged network boxes by swb · 2004-06-05 02:42 · Score: 2, Interesting

I've used a couple of the Netgear FVS318 firewall/vpn boxes; they're cheap, sturdily constructed, easy to configure and pretty reliable, but I'm always a little hinky about the unconfigurable software options as much as I am about the backdoors.

My FVS318 does NTP to a hard-coded destination, and there's no way to turn this off or change the NTP sync server that I've found. I've always kind of wondered what else it does or was capable of doing.

Makes those old 486 machines running Linux.. by the_rajah · 2004-06-05 02:42 · Score: 3, Insightful

routers look better all the time. At least you have some control over it....if you're a geek anyway.

Which ones of the consumer products are safe? I'm running a D-Link wireless right now.Yes the encryption is on.

"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain

--

"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain

Netgear WG302 by the+eric+conspiracy · 2004-06-05 02:42 · Score: 3, Informative

Well. at least this username/password doesn't work with a WG302 with firmware 1.5.

Awesome! by SuperBanana · 2004-06-05 02:42 · Score: 5, Funny

Fixed in new firmware, available here:

Super! Now I just have to downlo
[CONNECTION DROPPED, REMOTE SIDE 0WN3D]

--
Please help metamoderate.

linked properly for the lazy by Anonymous Coward · 2004-06-05 02:43 · Score: 5, Informative

Netgear Firmware Upgrade

WGR614 by Rinisari · 2004-06-05 02:44 · Score: 3, Informative

NetGear WGR614 is not affected by this bug. I'm going to try to get its firmware and follow the same procedure listed in that Bugtraq report to see what I can find.

--
Colin Dean Go a year without DRM

Too easy by SuperBanana · 2004-06-05 02:45 · Score: 3, Funny

All your basestation are belong to us?

Man, takes all the fun out of these jokes when it's so easy.

--
Please help metamoderate.

It's a feature, not a bug. by gumpish · 2004-06-05 02:48 · Score: 5, Informative

The URL is "mangled" for people browsing with mobile devices. The space is added so tiny displays can word wrap the text. (And also so crapflooders can't make your horizontal scroll bar appear.)

Personally I think the number of people using such browsers is probably so small that there is no justification for this "feature", but since Slashdot isn't likely to change, URLs should be submitted as proper links and not just plan text.

Re:It's a feature, not a bug. by Trigun · 2004-06-05 02:52 · Score: 2, Informative

There is a justification for this feature. Put an eicar test signature into a comment, and watch some realtime virus scanners go nuts.
Re:It's a feature, not a bug. by josh3736 · 2004-06-05 10:06 · Score: 2, Interesting

A thought occurs!
Instead of " " why don't they put in a "<wbr>"???
This way, it would still wrap long text but wouldn't put those ugly spaces in when it doesn't need to wrap!
(Grabs patent application...)

Take my advice by Q2Serpent · 2004-06-05 02:52 · Score: 4, Informative

I know this is a huge problem for the general public, but for those of us with a linux machine, do what I do and save yourself some trouble: put two network cards in the linux machine. Connect one to the internet and the other to your wireless router's normal ethernet ports (don't use the port that is supposed to be for the internet). Then, just set up your linux firewall/NAT, and you get all the benefits of wireless and a wired hub on the inside, with a linux machine doing the routing/firewalling for security from the outside. Since the router isn't on the net, no one can even touch it.

Good grief... by zoloto · 2004-06-05 02:53 · Score: 4, Interesting

I tried this recently on my own unit. Works like a charm. Now that I'm really pissed, it looks like I'll might have to really complain through the courts by filing a motion with the intent to sue. Not only that, but get that old 500mhz p3 out of the closet and turn it into a router/NFS/SAMBA server and sell the POS netgear router on eBay.

That was the last straw. No more firmware based routers unless I make them myself, or use exsisting ones as wireless switch and really try to lock it down or use third party firmware. /end_rant

learning how to make a linux router / NFS will be handy anyhow

Re:Good grief... by Gojira+Shipi-Taro · 2004-06-05 03:34 · Score: 3, Informative

Look into Smoothwall. I'm using it on an old PPro 200 as a firewall/router. It supports 3 networks at the moment (red/external, Green/internal, Orange/restricted (wlan for instance). I have an older netgear router that I keep as a spare (the old PPro 200 has to die sometime...), but even with that, the Smoothwall config can be dumped to floppy and moved to a completely different machine easily.

--
"Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
Re:Good grief... by AbbyNormal · 2004-06-05 04:28 · Score: 2, Interesting

I second that! I've been using Smoothwall for about a year, what's nice about it, is that you can EASILY add addon's/plugins developed by others, to your system. Also, if you feel so inclined, its mostly a perl based system, so you can write your own custom scripts.

The installation is a snap and the default installation is good enough for 99% of "normal" internet users.

--
Sig it.

Well, at least it's only an access point by the+eric+conspiracy · 2004-06-05 02:55 · Score: 4, Insightful

These things usually sit behind a firewall, so you aren't in quite as bad shape as if it offering it's private parts to the general internet like the Linksys.

they published the password? by pedantic+bore · 2004-06-05 03:09 · Score: 3, Interesting

Gadzooks, could they have made it any easier for script kiddies to exploit this? Might as well just power down your netgear box until a new firmware patch comes out (assuming the firmware can be patched).

I don't believe in security through obscurity, but I also don't believe in publishing backdoor passwords. It's not like it has any educational value (unlike looking at some exploits, which helps programmers learn how to write code that's not vulnerable).

--
Am I part of the core demographic for Swedish Fish?

Re:they published the password? by Spinality · 2004-06-05 06:57 · Score: 2, Informative

I'm curious what you will do with this information -- what can you do that you couldn't do before?

Well, I used it to verify whether I was vulnerable. I was. I'm glad to observe it. I've downloaded the new firmware and hope to be safe. They couldn't contact me via registration card because I NEVER send in those things. They're just marketing gimmicks used as an opt-in.

Moreover, the script kiddies will manage to get this information whether or not it's publicly posted. This way, I have it as well as them.

Just my view.

--
-- We all have enough strength to endure the misfortunes of other people. La Rochefoucauld

Can you believe it? by cccemper · 2004-06-05 03:09 · Score: 2

I am amazed.... I just wonder how many DOS or DDOS attacks were made based on this wonderful backdoor... and btw: shall all the NetGear Users now dump their devices ?!? no way... if this thing is really un-patchable, then I suspect this leak to be open for many years from now, as the device is one of the most current ones... wow - just before I bought it :-)

WG602v2 with firmware 2.0rc5 by thewiz · 2004-06-05 03:10 · Score: 3, Informative

Just checked my WG602v2 and the factory firmware upgrade 2.0rc5 and they do not have the backdoor.

Whew!

--
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?

Re:remove space in URL by eyeye · 2004-06-05 03:12 · Score: 2, Interesting

Nah, plain text urls not wrapped in other tags should be converted to html links.
Its surprising that slashdot hasnt already added this basic feature.

--
Bush and Blair ate my sig!

Man... by 222 · 2004-06-05 03:15 · Score: 3, Interesting

ok, this is bad... but what i see as a far worse problem is that most oems dont bother setting passwords on windows xp installs.
i've even seen this happen on a thinkpad, and i would have thought ibm of all people to know better. i've seen this on a few venders before but i cant remember exactly which ones, has anyone else seem this happen before?

Re:How very timely... by Homology · 2004-06-05 03:20 · Score: 3, Informative

I was going to buy a Netgear wireless access point/router this week.

If 11Mbps is sufficient for your needs, you could by a 802.11b wireless card that uses the Prism 2.5 chipset. This chipset can function in hostAP mode. At home I use Netgear MA311 in an older Dell functioning as my wireless access point, internet gateway and firewall. Instead of WEP, I use IPSec, and only authorized IPSec traffic is allowed (and thus no leaching from my Kazaa loving neighbour).

You might need to flash the firmware, though, which you can find here.

If you want a secure, easy and hassle free gateway, just install OpenBSD.

Provides convenient excuse for content access by noidentity · 2004-06-05 03:32 · Score: 3, Funny

Come on! These backdoors provide a convenient excuse when you're charged with breaking the law by accessing illegal content over your connection. If the vendor told you of their presence, you wouldn't be able to use them as a defense. Er wait, if you didn't know of them... hmmm...

Good grief... INDEED! by Saeed+al-Sahaf · 2004-06-05 03:44 · Score: 2, Insightful

99.99999% of the "deadenders" who sputter and spew "I... I'm gonna SUE!!!!" will not, and really have no clue about what it would tak or even if they have any real legal basis to "SUE!!!!"

It's cheap consumer electronics. Return it and get one that does not have this issue, then resume your life. No story here, move along.

--
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck

Re:Vendor will soon have legal problems. by MrMr · 2004-06-05 03:59 · Score: 2, Interesting

Don't worry, the vendor is probably a few thouasnd miles outside US jurisdiction.
If I were a cynical bastard I might add that Netgear benefits twice from outsourcing its production...

The Linksys problem was a false report by lseltzer · 2004-06-05 04:11 · Score: 3, Informative

Even the guy who reported it has admitted it and Linksys issued a statement.

Re:The Linksys problem was a false report by LoadWB · 2004-06-05 08:40 · Score: 2, Informative

Hrmmmm. I like it when others tell me what I said.

No, I did not issue a statement admitting it was a false report. I said that a critical element did not show up in testing of newly purchased equipment.

And I am not sure how I feel about Mr. Seltzer's article. Especially his statement about trust. It is obvious that we should trust him over others because he is the author of the "Official" book on LinkSys. I do not, however, think that we should dismiss, or not trust, anything anyone has to say about security, regardless of stature. True, my announcement was not confirmed, and the more responsible in the Internet news community did indeed hold off on their reports while responses and discussions continued. Bravo.

LinkSys has "told" us by proxy of Mr. Seltzer that the units I got with the odd behaviors were customer returns. Well, I cannot speak for what LinkSys says -- they certainly did not say that to me. I do say that is pure conjecture, on both my and LinkSys' part, but it does make for a reasonable assumption concerning the three units used in later testing.

Just for information, there is no comment from LinkSys on this issue on its press release page http://www.linksys.com/press/press.asp , nor from Cisco http://newsroom.cisco.com/dlls/index.html

Even so, I still stand firmly by my original findings. Two older units *did* do this, even after a factory reset. Bad hardware? Pre-release firmware? Who knows. I saw what I saw. But it does go to prove one very important point: we should not be complacent about our perception of security. If you install Internet-facing equipment for clients, you are providing a great service to everyone if you port-scan the device. When you purchase Internet equipment, check the configurations and make sure it matches up to what you expect. Do not take your security for granted.

As an aside, Larry Seltzer, regardless of his credibility, is another journalist who has never contacted me for clarification or expanded information.

No, it wasn't... by Otto · 2004-06-05 04:36 · Score: 2, Informative

The problem still exists. If you disable the firewall and disable remote admin, you can still get the remote admin page over the WAN. That, to me, is a bug. Okay, it may be a weird config as they stated, but it's a bug nevertheless.

They also have beta firmware up on that link you posted to fix the problem.

--
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.

WAP54G also had SNMP issues in 1.08 by David+M.+Andersen · 2004-06-05 04:55 · Score: 2, Informative

I was able to change NVRAM parameters using snmpset regardless of the community strings as long as SNMP was enabled on the WAP54G.

dma@laureate:~$ snmpwalk 192.168.1.254 -O n -v 1 -c froqegftoeqgteqg enterprise .1.3.6.1.4.1.3955.1. 1.0 = STRING: "v1.08, Aug 05, 2003" ... .1.3.6.1.4.1.3955.2.1.8.0 = IpAddress: 192.168.1.254 .1.3.6.1.4.1.3955.2.1.9.0 = IpAddress: 255.255.255.0 ... dma@laureate:~$ snmpset -c wghwgqgqerc -v 2c 192.168.1.254 .1.3.6.1.4.1.3955.2.1.8.0 a "10.0.0.1" SNMPv2-SMI::enterprises.3955.2.1.8.0 = IpAddress: 10.0.0.1

The changes took effect when the device was reset or power cycled. I didn't really investigate further. I reported this to Linksys. Not sure if they did anything about it.

confirmation, I (was) affected by this by Thanster · 2004-06-05 08:14 · Score: 2, Insightful

My home network has a wireless point that is provided by this very router, I checked, and the backdoor worked. :( The updated firmware available on netgears site fixed this :) I used to really like netgear stuff, now less so! Thanks for bringing this to my attention slashdot!

NOT fixed in new firmware! by Rex+Code · 2004-06-05 11:31 · Score: 2, Informative

According to a recent BugTraq by Jaco Swart, all the new firmware does is change the backdoor username from "super" to "superman" and the password to "21241036".

Does Netgear really think the security community is that stupid? They should be ashamed.

NOT A PROBLEM by $ASANY · 2004-06-05 15:21 · Score: 2, Informative

I just ran this against my WG602 running firmware 1.5.7, and the account doesn't exist. So if you perform the absolute minimal step of checking for software upgrades before you put this into service, you won't run into any problem.

If you don't immediately check for upgrades when you open a box and haven't with this hardware, though, perhaps you deserve to get 0wn3d?

Slashdot Mirror

NetGear Also Has Remote Access Wide Open

68 of 215 comments (clear)