NetGear RP114 Web Safe Router allows external access by default
| netgear-default-external-access (9371) |  High Risk |
Description:
NetGear RP114 Web Safe Router could allow a remote attacker to gain administrative access to the router. The NetGear RP114 router is shipped with a default IP address (192.168.0.1), username (admin), and password (1234). If a remote attacker sets their IP address within the router's IP range and uses HTTP or Telnet to connect to the router, the attacker would then be able to gain administrative access.
Consequences:
Gain Access
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, Mon Jun 17 2002 - 07:13:36 CDT: External access to Netgear RP114 "firewall".
- BID-5036: NetGear RP114 Administrative Access Via External Interface Vulnerability
- CVE-2002-2020: Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed.
Platforms Affected:
- NETGEAR RP114 3.26
Reported:
Jun 17, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net