Vulnerabilities > CVE-2004-2557 - Unspecified vulnerability in Netgear Wg602 1.7.14
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN netgear
nessus
Summary
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | NETGEAR_HIDDEN_PASSWORD.NASL |
| description | NETGEAR ships at least one device with a built-in administrator account. This account cannot be changed via the configuration interface and enables a remote attacker to control the NETGEAR device. To duplicate this error, simply point your browser to a vulnerable machine, and log in (when prompted) with : userid = super password = 5777364 or : userid = superman password = 21241036 |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 12258 |
| published | 2004-06-03 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/12258 |
| title | NETGEAR Wireless Access Point Hardcoded Default Password |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-06/0036.html
- http://www.securityfocus.com/archive/1/365230
- http://slashdot.org/articles/04/06/08/1319206.shtml?tid=126&tid=172
- http://kbserver.netgear.com/kb_web_files/n101383.asp
- http://www.ciac.org/ciac/bulletins/o-159.shtml
- http://www.securityfocus.com/bid/10459
- http://secunia.com/advisories/11773
- http://www.osvdb.org/6743
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16312