Netgear's Amusing "fix" for WG602v1 Backdoor

An anonymous reader writes "Recently Slashdot reported that the Netgear router has as WLAN backdoor. According to this report by the news service of the German publisher Heise Netgear "fixed" the problem with a firmware update. And what is the fix? According to Heise, they didn't remove the backdoor at all. Instead they just changed the login information! They replaced the old user name 'super' with 'superman', and changed the old password to '21241036'. "

Re:Oops...

[einhverfr]

Chalk up another loss for 'security by obscurity'.

Well, that might be good enough, if they could choose the login information. But now that they published it....

First rule of passwords is that you don't talk about your passwords....

Article Text

[Three+Headed+Man]

Courtesy of this online GermanEnglish Dictionary and my German teacher, Frau Richards, whereever you are.

Netgear has promptly reacted to the reports of a backdoor in the WLAN-Access-Point WG602 Version 1 with a Firmware-Update, however, the backdoor is still present, but with a new user name and password. They were a little creative with the name and extended the original character string "super" to "superman." With the password, Netgear has obviously taken the message of security seriously and changed the password to "21241036." However, to whom this telephone number points, Netgear did not comment. There, they knew nothing and initially only wanted to make themselves aware of the (details of the) problem.

Again, there is not a real updated firmware design yet. The question arises whether users are still determined--after the second patch--to get new software. In the lawyer's opinions, this problem could be reason enough to take back the device to the retailer and receive a refund of the purchase price. For now, the retailer can try to fix the shortcoming, however, the chances of that are not very good.

Re:According to Netgear...

I would have thought the link refers to the "fix" we're discussing here.