Vulnerabilities > CVE-2004-2557 - Unspecified vulnerability in Netgear Wg602 1.7.14
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | NETGEAR_HIDDEN_PASSWORD.NASL |
| description | NETGEAR ships at least one device with a built-in administrator account. This account cannot be changed via the configuration interface and enables a remote attacker to control the NETGEAR device. To duplicate this error, simply point your browser to a vulnerable machine, and log in (when prompted) with : userid = super password = 5777364 or : userid = superman password = 21241036 |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 12258 |
| published | 2004-06-03 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/12258 |
| title | NETGEAR Wireless Access Point Hardcoded Default Password |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-06/0036.html
- http://kbserver.netgear.com/kb_web_files/n101383.asp
- http://secunia.com/advisories/11773
- http://slashdot.org/articles/04/06/08/1319206.shtml?tid=126&tid=172
- http://www.ciac.org/ciac/bulletins/o-159.shtml
- http://www.osvdb.org/6743
- http://www.securityfocus.com/archive/1/365230
- http://www.securityfocus.com/bid/10459
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16312