Details of VAR-200412-0825

ID

VAR-200412-0825

CVE

CVE-2004-2557

TITLE

Netgear WG602 Wireless Access Point Default Backdoor Account Vulnerability

Trust: 0.9

sources: BID: 10459 // CNNVD: CNNVD-200412-414

DESCRIPTION

NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration. Netgear WG602 reportedly contains a default administrative account. This issue can allow a remote attacker to gain administrative access to the device. Netgear WG602 access point with firmware version 1.04.0 is reportedly affected by this issue. It is likely that other versions of the firmware are also vulnerable. It is reported that the new version (1.7.14) of the Firmware for WG602 is vulnerable to this issue as well, however, the username and password for the backdoor account has been changed

Trust: 1.53

sources: NVD: CVE-2004-2557 // BID: 16835 // BID: 10459 // VULHUB: VHN-10985

AFFECTED PRODUCTS

vendor:	netgear	model:	wg602	scope:	eq	version:	1.7.14	Trust: 1.6
vendor:	netgear	model:	wgt624	scope:	eq	version:	0	Trust: 0.3
vendor:	netgear	model:	wg602 access point	scope:	eq	version:	1.7.14	Trust: 0.3
vendor:	netgear	model:	wg602 access point	scope:	eq	version:	1.04.0	Trust: 0.3
vendor:	netgear	model:	wg602v2 access point rc6	scope:	ne	version:	3.2	Trust: 0.3
vendor:	netgear	model:	wg602v2 access point rc5	scope:	ne	version:	3.1	Trust: 0.3
vendor:	netgear	model:	wg602v2 access point rc2	scope:	ne	version:	3.1	Trust: 0.3
vendor:	netgear	model:	wg602v2 access point rc5	scope:	ne	version:	2.0	Trust: 0.3
vendor:	netgear	model:	wg602v2 access point	scope:	ne	version:	-	Trust: 0.3
vendor:	netgear	model:	wg602 access point	scope:	ne	version:	1.7.15	Trust: 0.3

sources: BID: 16835 // BID: 10459 // CNNVD: CNNVD-200412-414 // NVD: CVE-2004-2557

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2557
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200412-414
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-10985
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-2557
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10985
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10985 // CNNVD: CNNVD-200412-414 // NVD: CVE-2004-2557

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2557

THREAT TYPE

network

Trust: 0.6

sources: BID: 16835 // BID: 10459

TYPE

Design Error

Trust: 1.2

sources: BID: 16835 // BID: 10459 // CNNVD: CNNVD-200412-414

EXTERNAL IDS

db:	NVD	id:	CVE-2004-2557	Trust: 2.3
db:	BID	id:	10459	Trust: 2.0
db:	SECUNIA	id:	11773	Trust: 1.7
db:	OSVDB	id:	6743	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-414	Trust: 0.7
db:	CIAC	id:	O-159	Trust: 0.6
db:	BUGTRAQ	id:	20040605 RE: NETGEAR WG602 ACCESSPOINT VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20040603 NETGEAR WG602 ACCESSPOINT VULNERABILITY	Trust: 0.6
db:	XF	id:	602	Trust: 0.6
db:	XF	id:	16312	Trust: 0.6
db:	BID	id:	16835	Trust: 0.3
db:	VULHUB	id:	VHN-10985	Trust: 0.1

sources: VULHUB: VHN-10985 // BID: 16835 // BID: 10459 // CNNVD: CNNVD-200412-414 // NVD: CVE-2004-2557

REFERENCES

url:	http://slashdot.org/articles/04/06/08/1319206.shtml?tid=126&tid=172	Trust: 2.2
url:	http://www.securityfocus.com/bid/10459	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2004-06/0036.html	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/365230	Trust: 1.7
url:	http://www.ciac.org/ciac/bulletins/o-159.shtml	Trust: 1.7
url:	http://kbserver.netgear.com/kb_web_files/n101383.asp	Trust: 1.7
url:	http://www.osvdb.org/6743	Trust: 1.7
url:	http://secunia.com/advisories/11773	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16312	Trust: 1.1
url:	http://www.netgear.com/support_main.asp	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/16312	Trust: 0.6
url:	http://kbserver.netgear.com/products/wgt624.asp	Trust: 0.3
url:	/archive/1/426187	Trust: 0.3
url:	http://www.netgear.com/products/prod_details.php?prodid=170	Trust: 0.3
url:	/archive/1/365380	Trust: 0.3
url:	/archive/1/365292	Trust: 0.3
url:	/archive/1/365150	Trust: 0.3
url:	/archive/1/365157	Trust: 0.3
url:	/archive/1/365230	Trust: 0.3
url:	/archive/1/365309	Trust: 0.3
url:	/archive/1/365303	Trust: 0.3
url:	http://slashdot.org/articles/04/06/08/1319206.shtml?tid=126&tid=172	Trust: 0.1

sources: VULHUB: VHN-10985 // BID: 16835 // BID: 10459 // CNNVD: CNNVD-200412-414 // NVD: CVE-2004-2557

CREDITS

Discovery is credited to Tom Knienieder <knienieder@khamsin.ch>.

Trust: 0.9

sources: BID: 10459 // CNNVD: CNNVD-200412-414

SOURCES

db:	VULHUB	id:	VHN-10985
db:	BID	id:	16835
db:	BID	id:	10459
db:	CNNVD	id:	CNNVD-200412-414
db:	NVD	id:	CVE-2004-2557

LAST UPDATE DATE

2024-08-14T13:39:51.697000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10985	date:	2017-07-11T00:00:00
db:	BID	id:	16835	date:	2016-07-06T14:40:00
db:	BID	id:	10459	date:	2004-06-03T00:00:00
db:	CNNVD	id:	CNNVD-200412-414	date:	2006-01-24T00:00:00
db:	NVD	id:	CVE-2004-2557	date:	2017-07-11T01:32:00.547

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10985	date:	2004-12-31T00:00:00
db:	BID	id:	16835	date:	2006-02-27T00:00:00
db:	BID	id:	10459	date:	2004-06-03T00:00:00
db:	CNNVD	id:	CNNVD-200412-414	date:	2004-12-31T00:00:00
db:	NVD	id:	CVE-2004-2557	date:	2004-12-31T05:00:00