Slashdot Mirror


NetGear Also Has Remote Access Wide Open

Glenn Fleishman writes "On the heels of Linksys's WRT54G problem of not allowing remote access to be disabled in certain cases and firmware, BugTraq published this report that NetGear's WG602 access point has a hidden password that provides remote and local administrative control. Unlike Linksys's, where turning the firewall on (which is on by default, but a researcher found new units in which it was off when taken out of the box), the NetGear hole cannot be disabled. The backdoor seems to have been created by the vendor that packaged the device for NetGear."

12 of 215 comments

  1. Don't you mean.. by Sadiq · · Score: 5, Funny

    "The backdoor seems to have been created by the vendor that used to package devices for NetGear"

    --
    SysWear - Geek T-shirts (UK/Europe)
  2. Fixed in new firmware, available here: by Anonymous Coward · · Score: 5, Informative

    http://kbserver.netgear.com/support_details.asp?dn ldID=735

    1. Re:Fixed in new firmware, available here: by Chucky+B.+Bear · · Score: 5, Informative
      I've just upgraded to the latest firmware. It is NOT FIXED!!!! They have simply gone and changed the username and password to something else. There is STILL a default superuser account with password.

      (You can find it yourself by just taking similar steps as in the securityfocus article.)

  3. Re:One wonders what the internal policies are ... by Trigun · · Score: 5, Funny

    There's a backdoor in the software auditing software. The programmer is safe.

  4. The problem of convenience by luvirini · · Score: 5, Insightful
    This is a general problem when you buy ready-made solutions in the form of "boxes", you cannot be fully sure of anything inside so it is basically a question of trust.

    For example firewalls:

    Question 1: how do you know the box firewall you bought is secure and no backdoors?

    Answer: normally you do not.

    Question 2: Why do the majority of people buy those instead of making their own?

    Answer: Because it is a lot more convenient.

    So instead of spending time to build something, most people want to just get something that works and thus have to just trust the vendors, as they do not have the skill/time/inclination/will etc. to do it themselves.

  5. taiwan, eh? by abscondment · · Score: 5, Funny

    A search on Google revealed that "5777364" is actually the phone number of z-com Taiwan which develops and offers WLAN equipment for its OEM customers.

    This number, surprisingly enough, is also the total amount of wooden furniture shipped from Malaysia to Bahrain in 1998. Conspiracy! Conspiracy!

  6. Possibilities. by alexatrit · · Score: 5, Interesting

    It's possible that this goes on a whole lot more than we'd like to admit. Just yesterday I was talking to a friend who called Dell technical support about her BIOS password on an Inspiron 5000. She had forgotten it, and couldn't access her settings. Unlike the old days where you'd crack open the box and go to the BIOS jumper switch, Dell provided her with a 6 character BIOS password that magically unlocked her system.

    --

    Nothing but the finest in meaningless drivel
    1. Re:Possibilities. by alexatrit · · Score: 5, Informative

      I stand corrected, here.

      "The only way to clear the BIOS password is with a Master Reset Password provided by Dell for that Model No. and they will not give you the master unless you can give them the name, address and telephone of the registered owner. However the password is universal for all laps with the same model no., so if you know someone who is a registered owner, you can call Dell and get the master."

      Reference here. That being said, the master for an Inspiron 5000 is BLVJCH. Booyah!

      --

      Nothing but the finest in meaningless drivel
  7. Re:No backdoors with BSD! by Trigun · · Score: 5, Funny

    best line I could think of was "why do you come back and try my new kernel on...

    You should try my pick-up line: Excuse me miss, but does this rag smell like chloroform?

    Works every time.

  8. Awesome! by SuperBanana · · Score: 5, Funny
    Fixed in new firmware, available here:

    Super! Now I just have to downlo
    [CONNECTION DROPPED, REMOTE SIDE 0WN3D]

  9. linked properly for the lazy by Anonymous Coward · · Score: 5, Informative
  10. It's a feature, not a bug. by gumpish · · Score: 5, Informative

    The URL is "mangled" for people browsing with mobile devices. The space is added so tiny displays can word wrap the text. (And also so crapflooders can't make your horizontal scroll bar appear.)

    Personally I think the number of people using such browsers is probably so small that there is no justification for this "feature", but since Slashdot isn't likely to change, URLs should be submitted as proper links and not just plain text.