
Netgear configuration accessible to unauthenticated users
11th Feb 2003 [SBWID-5982]
COMMAND

	Netgear configuration accessible to unauthenticated users

SYSTEMS AFFECTED

	Netgear FM114P Wireless Router, firmware v1.4 Beta Release 17. Others
	have not been tested.

PROBLEM

	b.stickler [http://intex.ath.cx] found :
	
	Documents/files can be accessed without authentication by using escaped
	directory traversal from the accessible /upnp/service directory.
	
	This results, for example, in the ability to grab the configuration file
	without authentication on the router (remotely possible when remote
	configuration is enabled) by using the following URL:
	
	http://ip-or-hostname:port/upnp/service/%2e%2e%2fnetgear.cfg
	
	This config file contains the dialup password, the dynamic DNS
	configuration password and the main router configuration options. The
	router password and WEP keys are NOT included in this configuration file.
	
	As far as I can say from my tests, there is no possibility to submit
	data to forms on the router web interface. (If so, it would be possible
	to reset the password or access WEP keys.)

SOLUTION

	?
	
	 Workaround
	 ==========
	
	To avoid the possibility for others to grab your config file, simply
	disable the remote management of the router (if enabled anyway).
	Disabling the UPnP option of the router software does not affect the
	behaviour.
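
	Detection example (added here, not part of the original advisory or any
	Netgear code): a log check that flags requests starting in the
	unauthenticated /upnp/service/ directory but resolving outside it once
	percent-escapes are decoded. It assumes a proxy or sensor in front of the
	management port writes Common Log Format lines; the sample lines, IP
	addresses and the file name desc.xml are constructed.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

OPEN_PREFIX = "/upnp/service/"  # directory the advisory says is reachable without login
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, hypothetical file name desc.xml).
SAMPLE_LOG = """\
192.0.2.10 - - [11/Feb/2003:10:00:01 +0000] "GET /upnp/service/desc.xml HTTP/1.1" 200 812
192.0.2.44 - - [11/Feb/2003:10:00:07 +0000] "GET /upnp/service/%2e%2e%2fnetgear.cfg HTTP/1.1" 200 4096
198.51.100.7 - - [11/Feb/2003:10:02:30 +0000] "GET /upnp/service/%252e%252e%252fnetgear.cfg HTTP/1.0" 404 0
192.0.2.10 - - [11/Feb/2003:10:03:12 +0000] "GET /upnp/service/a/../desc.xml HTTP/1.1" 200 812
"""

def canonical_path(target, max_rounds=3):
    """Percent-decode until stable (covers double encoding), then collapse dot segments."""
    path = urlsplit(target).path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    return posixpath.normpath("/" + path.lstrip("/"))

def escapes_open_prefix(target):
    """True if the raw path starts in the open directory but resolves outside it."""
    if not urlsplit(target).path.startswith(OPEN_PREFIX):
        return False
    return not (canonical_path(target) + "/").startswith(OPEN_PREFIX)

def flag_requests(log_text):
    """Return (client, resolved_path) for each request that escapes the open directory."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if match and escapes_open_prefix(match.group(1)):
            hits.append((line.split()[0], canonical_path(match.group(1))))
    return hits

if __name__ == "__main__":
    for client, resolved in flag_requests(SAMPLE_LOG):
        print(f"{client} requested a path resolving to {resolved}")
```

	The same canonical_path() step, applied before deciding whether a request
	needs authentication, is what keeps a prefix-based allow rule from being
	bypassed by escaped dot segments.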
