Slashdot Mirror


Netgear's Amusing "fix" for WG602v1 Backdoor

An anonymous reader writes "Recently Slashdot reported that the Netgear router has a WLAN backdoor. According to this report by the news service of the German publisher Heise, Netgear "fixed" the problem with a firmware update. And what is the fix? According to Heise, they didn't remove the backdoor at all. Instead they just changed the login information! They replaced the old user name 'super' with 'superman', and changed the old password to '21241036'."

9 of 515 comments

  1. Re:Oops... by einhverfr · · Score: 5, Informative

    Chalk up another loss for 'security by obscurity'.

    Well, that might be good enough, if they could choose the login information. But now that they published it....

    First rule of passwords is that you don't talk about your passwords....

    --

    LedgerSMB: Open source Accounting/ERP
  2. Re:Binary Edit by catmaker · · Score: 4, Informative


    I'd imagine it wouldn't work. They've probably checksummed the file, and if you change any of the content you'd have to rechecksum it, if you even knew what kind of checksum (if any) they'd used.

    Nice idea though.

    --
    status is failure. status is failure
  3. Article Text by Three+Headed+Man · · Score: 5, Informative
    Courtesy of this online German-English Dictionary and my German teacher, Frau Richards, wherever you are.

    Netgear has promptly reacted to the reports of a backdoor in the WLAN-Access-Point WG602 Version 1 with a Firmware-Update, however, the backdoor is still present, but with a new user name and password. They were a little creative with the name and extended the original character string "super" to "superman." With the password, Netgear has obviously taken the message of security seriously and changed the password to "21241036." However, to whom this telephone number points, Netgear did not comment. There, they knew nothing and initially only wanted to make themselves aware of the (details of the) problem.

    Again, there is not a real updated firmware design yet. The question arises whether users are still determined--after the second patch--to get new software. In the lawyer's opinions, this problem could be reason enough to take back the device to the retailer and receive a refund of the purchase price. For now, the retailer can try to fix the shortcoming, however, the chances of that are not very good.

    --
    I'm probably at the karma cap. Mod up a funny troll instead, it lightens the mood :)
  4. Re:Calm down... by bogie · · Score: 4, Informative

    First of all we are talking about a Netgear Product so what does Linksys's problem have to do with this? Second of all if you would bother to read the responses in the article you linked to, you would see that some people have already proved that it's not a hoax with regards to the Linksys product.

    --
    If you wanna get rich, you know that payback is a bitch
  5. Re:Not funny at all by pe1rxq · · Score: 4, Informative

    This is about a hardcoded backdoor that can't be closed by the user.

    Jeroen

    --
    Secure messaging: http://quickmsg.vreeken.net/
  6. Not the first boner NetGear's pulled by daveschroeder · · Score: 4, Informative

    Flawed Routers Flood University of Wisconsin Internet Time Server

    http://www.cs.wisc.edu/~plonka/netgear-sntp/

    Abstract:

    "In May 2003, the University of Wisconsin - Madison found that it was the recipient of a continuous large scale flood of inbound Internet traffic destined for one of the campus' public Network Time Protocol (NTP) servers. The flood traffic rate was hundreds-of-thousands of packets-per-second, and hundreds of megabits-per-second.

    Subsequently, we have determined the sources of this flooding to be literally hundreds of thousands of real Internet hosts throughout the world. However, rather than having originated as a malicious distributed denial-of-service (DDoS) attack, the root cause is actually a serious flaw in the design of hundreds of thousands of one vendor's low-cost Internet products targeted for residential use. The unexpected behavior of these products presents a significant operational problem for UW-Madison for years to come.

    This document includes the initial public disclosure of details of these products' serious design flaw. Furthermore, it discusses our ongoing, multifaceted approach toward the solution which involves the University, the products' manufacturer, the relevant Internet standards (RFCs), and the public Internet service and user communities."

  7. Re:Firmware 1.5.67 doesn't take this password... by Chucky+B.+Bear · · Score: 4, Informative
    Maybe you typed wrong. ;-) I can confirm without any doubt that both versions 1.5.67 and 1.7.14 from the Netgear site have these backdoors installed.

    As a matter of fact it was me who found the 1.7.14 username and password and posted it to securityfocus after updating my firmware from 1.5.67 (which I tested with the super username and password) to 1.7.14.

  8. Re:According to Netgear... by Anonymous Coward · · Score: 5, Informative

    I would have thought the link refers to the "fix" we're discussing here.

  9. Has anyone looked at the website? by Xugumad · · Score: 4, Informative

    It's just that, according to the site, there's no fix yet:

    http://kbserver.netgear.com/kb_web_files/n101383.asp

    Now, there is a firmware from the 4th:

    http://kbserver.netgear.com/support_details.asp?dnldID=735

    that claims to fix the problem, but I'm tempted to suggest what's happened is they've changed the username and password while they test a full fix. After all, changing data is generally less likely to break stuff than changing code...