Details of VAR-200408-0245

ID

VAR-200408-0245

TITLE

Netgear DG834G Zebra Process Default Account Password Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2004-2251 // BID: 10935

DESCRIPTION

The NETGEAR DG834G is a router. The NETGEAR DG834G has a default account that can be exploited by remote attackers to modify device settings. By connecting to the NETGEAR DG834G web service, such as: http://192.168.0.1/setup.cgi?todo=debug, you can start the debug mode of the router, then you can Telnet port 23, get ROOT SHELL, the default password for ZEBRA service\" Zebra\" comes to access, so an attacker can access the modified device settings. It is reported that Netgear DG834G devices contain a default password for their Zebra process. Zebra is a dynamic routing daemon, and contains a telnet-accessible configuration shell. It is reported that Zebra listens on both the WAN and the internal network interfaces. By gaining administrative access to Zebra, an attacker has the ability to modify network routes on the device, possibly redirecting traffic or denying network service to legitimate users. They may also be able to exploit latent vulnerabilities in Zebra itself. Due to code reuse, it is possible that other devices similar to this one are also affected

Trust: 0.81

sources: CNVD: CNVD-2004-2251 // BID: 10935

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2004-2251

AFFECTED PRODUCTS

vendor:

netgear

model:

dg834g

scope:

version:

Trust: 0.9

sources: CNVD: CNVD-2004-2251 // BID: 10935

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2004-2251
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2004-2251
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2004-2251

THREAT TYPE

network

Trust: 0.3

sources: BID: 10935

TYPE

Design Error

Trust: 0.3

sources: BID: 10935

EXTERNAL IDS

db:	BID	id:	10935	Trust: 0.9
db:	CNVD	id:	CNVD-2004-2251	Trust: 0.6

sources: CNVD: CNVD-2004-2251 // BID: 10935

REFERENCES

url:	http://marc.theaimsgroup.com/?l=bugtraq&m=109234216223804&w=2	Trust: 0.6
url:	http://www.netgear.com/products/prod_details.php?prodid=223&view=	Trust: 0.3
url:	http://www.netgear.com/	Trust: 0.3
url:	/archive/1/371575	Trust: 0.3

sources: CNVD: CNVD-2004-2251 // BID: 10935

CREDITS

<thanasonic@hack.gr> disclosed this vulnerability.

Trust: 0.3

sources: BID: 10935

SOURCES

db:	CNVD	id:	CNVD-2004-2251
db:	BID	id:	10935

LAST UPDATE DATE

2022-05-17T01:52:12.005000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2004-2251	date:	2004-08-12T00:00:00
db:	BID	id:	10935	date:	2004-08-12T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2004-2251	date:	2004-08-12T00:00:00
db:	BID	id:	10935	date:	2004-08-12T00:00:00