COMMAND

	Netgear configuration accessible to unauthentified users

SYSTEMS AFFECTED

	Netgear FM114P Wireless Router firmware  v1.4  Beta  Release  17  others
	have not been tested

PROBLEM

	b.stickler [http://intex.ath.cx] found :
	
	documents/files can be accessed without authentication by using  escaped
	directory traversal from the accessible /upnp/service directory.
	
	this results f.ex. in the ability to  grab  configuration  file  without
	authentication  on   the   router   (remotely   possible   when   remote
	configuration is enabled) by using the following url:
	
	http://ip-or-hostname:port/upnp/service/%2e%2e%2fnetgear.cfg
	
	this config file  contains  dialup-password,  dynamic  dns-configuration
	password and the main router configuration options. the  router-password
	and wep-keys are NOT included in this configuration file.
	
	as far as i can say from my tests, there is  no  possibility  to  submit
	data to forms on the router web-interface. (if so, it would be  possible
	to reset password or access wep-keys).

SOLUTION

	?
	
	 Workaround
	 ==========
	
	To avoid the possibility for others to  grab  your  config-file,  simply
	disable the  remote  management  of  the  router  (if  enabled  anyway).
	disabling the upnp option of the router software  does  not  affect  the
	behaviour.