ID

VAR-200603-0528


CVE

CVE-2006-1002


TITLE

Netgear WGT624 Wireless Access Point Default Backdoor Account Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2006-1289 // BID: 16835 // CNNVD: CNNVD-200603-071

DESCRIPTION

NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers. Netgear WGT624 reportedly contains a default administrative account. This issue can allow a remote attacker to gain administrative access to the device

Trust: 1.8

sources: NVD: CVE-2006-1002 // CNVD: CNVD-2006-1289 // BID: 16835 // VULHUB: VHN-17110

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-1289

AFFECTED PRODUCTS

vendor:netgearmodel:wgt624scope:eqversion:*

Trust: 1.0

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:netgearmodel:wgt624scope: - version: -

Trust: 0.6

vendor:netgearmodel:wgt624scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2006-1289 // BID: 16835 // CNNVD: CNNVD-200603-071 // NVD: CVE-2006-1002

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-1002
value: HIGH

Trust: 1.0

CNVD: CNVD-2006-1289
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200603-071
value: CRITICAL

Trust: 0.6

VULHUB: VHN-17110
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-1002
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2006-1289
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-17110
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2006-1289 // VULHUB: VHN-17110 // CNNVD: CNNVD-200603-071 // NVD: CVE-2006-1002

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.1

sources: VULHUB: VHN-17110 // NVD: CVE-2006-1002

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200603-071

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-200603-071

EXTERNAL IDS

db:NVDid:CVE-2006-1002

Trust: 2.6

db:BIDid:16835

Trust: 2.6

db:CNNVDid:CNNVD-200603-071

Trust: 0.7

db:CNVDid:CNVD-2006-1289

Trust: 0.6

db:BUGTRAQid:20060413 RE: RE: NETGEAR WGT624 WIRELESS DSL ROUTER DEFAULT USER NAME/PASSWORD VULNERABILITY

Trust: 0.6

db:BUGTRAQid:20060227 RE: NETGEAR WGT624 WIRELESS DSL ROUTER DEFAULT USER NAME/PASSWORD VULNERABILITY

Trust: 0.6

db:BUGTRAQid:20060226 NETGEAR WGT624 ? WIRELESS DSL ROUTER DEFAULT USER NAME/PASSWORD VULNERABILITY

Trust: 0.6

db:BUGTRAQid:20071220 RE: RE: NETGEAR WGT624 WIRELESS DSL ROUTER DEFAULT USER NAME/PASSWORD VULNERABILITY

Trust: 0.6

db:XFid:624

Trust: 0.6

db:XFid:24926

Trust: 0.6

db:VULHUBid:VHN-17110

Trust: 0.1

sources: CNVD: CNVD-2006-1289 // VULHUB: VHN-17110 // BID: 16835 // CNNVD: CNNVD-200603-071 // NVD: CVE-2006-1002

REFERENCES

url:http://www.securityfocus.com/bid/16835

Trust: 2.3

url:http://www.securityfocus.com/archive/1/426187/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/426313/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/431026/30/5580/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/485396/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24926

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/24926

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/485396/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/431026/30/5580/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/426313/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/426187/100/0/threaded

Trust: 0.6

url:http://www.netgear.com/support_main.asp

Trust: 0.3

url:http://kbserver.netgear.com/products/wgt624.asp

Trust: 0.3

url:/archive/1/426187

Trust: 0.3

sources: CNVD: CNVD-2006-1289 // VULHUB: VHN-17110 // BID: 16835 // CNNVD: CNNVD-200603-071 // NVD: CVE-2006-1002

CREDITS

Discovery is credited to <info@teamintell.com>.

Trust: 0.9

sources: BID: 16835 // CNNVD: CNNVD-200603-071

SOURCES

db:CNVDid:CNVD-2006-1289
db:VULHUBid:VHN-17110
db:BIDid:16835
db:CNNVDid:CNNVD-200603-071
db:NVDid:CVE-2006-1002

LAST UPDATE DATE

2024-11-23T22:10:33.812000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2006-1289date:2020-03-10T00:00:00
db:VULHUBid:VHN-17110date:2018-10-18T00:00:00
db:BIDid:16835date:2016-07-06T14:40:00
db:CNNVDid:CNNVD-200603-071date:2006-03-07T00:00:00
db:NVDid:CVE-2006-1002date:2024-11-21T00:07:50.083

SOURCES RELEASE DATE

db:CNVDid:CNVD-2006-1289date:2006-03-06T00:00:00
db:VULHUBid:VHN-17110date:2006-03-06T00:00:00
db:BIDid:16835date:2006-02-27T00:00:00
db:CNNVDid:CNNVD-200603-071date:2006-03-06T00:00:00
db:NVDid:CVE-2006-1002date:2006-03-06T20:06:00