Sign-up

ID

VAR-200412-0824


CVE

CVE-2004-2556


TITLE

Netgear WG602 Wireless Access Point Default Backdoor Account Vulnerability

Trust: 0.9

sources: BID: 10459 // CNNVD: CNNVD-200412-746

DESCRIPTION

NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. Netgear WG602 reportedly contains a default administrative account. This issue can allow a remote attacker to gain administrative access to the device. Netgear WG602 access point with firmware version 1.04.0 is reportedly affected by this issue. It is likely that other versions of the firmware are also vulnerable. It is reported that the new version (1.7.14) of the Firmware for WG602 is vulnerable to this issue as well, however, the username and password for the backdoor account has been changed. Remote attackers can use this vulnerability to modify the configuration

Trust: 1.53

sources: NVD: CVE-2004-2556 // BID: 16835 // BID: 10459 // VULHUB: VHN-10984

AFFECTED PRODUCTS

vendor:netgearmodel:wg602scope:eqversion:1.5.67

Trust: 1.6

vendor:netgearmodel:wg602scope:eqversion:1.04.0

Trust: 1.6

vendor:netgearmodel:wgt624scope:eqversion:0

Trust: 0.3

vendor:netgearmodel:wg602 access pointscope:eqversion:1.7.14

Trust: 0.3

vendor:netgearmodel:wg602 access pointscope:eqversion:1.04.0

Trust: 0.3

vendor:netgearmodel:wg602v2 access point rc6scope:neversion:3.2

Trust: 0.3

vendor:netgearmodel:wg602v2 access point rc5scope:neversion:3.1

Trust: 0.3

vendor:netgearmodel:wg602v2 access point rc2scope:neversion:3.1

Trust: 0.3

vendor:netgearmodel:wg602v2 access point rc5scope:neversion:2.0

Trust: 0.3

vendor:netgearmodel:wg602v2 access pointscope:neversion: -

Trust: 0.3

vendor:netgearmodel:wg602 access pointscope:neversion:1.7.15

Trust: 0.3

sources: BID: 16835 // BID: 10459 // CNNVD: CNNVD-200412-746 // NVD: CVE-2004-2556

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2556
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200412-746
value: MEDIUM

Trust: 0.6

VULHUB: VHN-10984
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-2556
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-10984
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10984 // CNNVD: CNNVD-200412-746 // NVD: CVE-2004-2556

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2556

THREAT TYPE

network

Trust: 0.6

sources: BID: 16835 // BID: 10459

TYPE

Design Error

Trust: 1.2

sources: BID: 16835 // BID: 10459 // CNNVD: CNNVD-200412-746

EXTERNAL IDS

db:NVDid:CVE-2004-2556

Trust: 2.3

db:BIDid:10459

Trust: 2.0

db:SECUNIAid:11773

Trust: 1.7

db:OSVDBid:6743

Trust: 1.7

db:CNNVDid:CNNVD-200412-746

Trust: 0.7

db:CIACid:O-159

Trust: 0.6

db:BUGTRAQid:20040605 RE: NETGEAR WG602 ACCESSPOINT VULNERABILITY

Trust: 0.6

db:BUGTRAQid:20040603 NETGEAR WG602 ACCESSPOINT VULNERABILITY

Trust: 0.6

db:XFid:602

Trust: 0.6

db:XFid:16312

Trust: 0.6

db:BIDid:16835

Trust: 0.3

db:VULHUBid:VHN-10984

Trust: 0.1

sources: VULHUB: VHN-10984 // BID: 16835 // BID: 10459 // CNNVD: CNNVD-200412-746 // NVD: CVE-2004-2556

REFERENCES

url:http://slashdot.org/articles/04/06/08/1319206.shtml?tid=126&tid=172

Trust: 2.2

url:http://www.securityfocus.com/bid/10459

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2004-06/0036.html

Trust: 1.7

url:http://www.securityfocus.com/archive/1/365230

Trust: 1.7

url:http://www.ciac.org/ciac/bulletins/o-159.shtml

Trust: 1.7

url:http://kbserver.netgear.com/kb_web_files/n101383.asp

Trust: 1.7

url:http://www.osvdb.org/6743

Trust: 1.7

url:http://secunia.com/advisories/11773

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16312

Trust: 1.1

url:http://www.netgear.com/support_main.asp

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/16312

Trust: 0.6

url:http://kbserver.netgear.com/products/wgt624.asp

Trust: 0.3

url:/archive/1/426187

Trust: 0.3

url:http://www.netgear.com/products/prod_details.php?prodid=170

Trust: 0.3

url:/archive/1/365380

Trust: 0.3

url:/archive/1/365292

Trust: 0.3

url:/archive/1/365150

Trust: 0.3

url:/archive/1/365157

Trust: 0.3

url:/archive/1/365230

Trust: 0.3

url:/archive/1/365309

Trust: 0.3

url:/archive/1/365303

Trust: 0.3

url:http://slashdot.org/articles/04/06/08/1319206.shtml?tid=126&tid=172

Trust: 0.1

sources: VULHUB: VHN-10984 // BID: 16835 // BID: 10459 // CNNVD: CNNVD-200412-746 // NVD: CVE-2004-2556

CREDITS

Discovery is credited to Tom Knienieder <knienieder@khamsin.ch>.

Trust: 0.9

sources: BID: 10459 // CNNVD: CNNVD-200412-746

SOURCES

db:VULHUBid:VHN-10984
db:BIDid:16835
db:BIDid:10459
db:CNNVDid:CNNVD-200412-746
db:NVDid:CVE-2004-2556

LAST UPDATE DATE

2024-08-14T13:39:51.663000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-10984date:2017-07-11T00:00:00
db:BIDid:16835date:2016-07-06T14:40:00
db:BIDid:10459date:2004-06-03T00:00:00
db:CNNVDid:CNNVD-200412-746date:2006-01-24T00:00:00
db:NVDid:CVE-2004-2556date:2017-07-11T01:32:00.483

SOURCES RELEASE DATE

db:VULHUBid:VHN-10984date:2004-12-31T00:00:00
db:BIDid:16835date:2006-02-27T00:00:00
db:BIDid:10459date:2004-06-03T00:00:00
db:CNNVDid:CNNVD-200412-746date:2004-12-31T00:00:00
db:NVDid:CVE-2004-2556date:2004-12-31T05:00:00