0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Netgear WG102 Leaks SNMP write password with read access
======================================================== Netgear WG102 Leaks SNMP write password with read access ======================================================== Dear all, after informing Netgear about the unsafe handling of passwords on their WG102 Access Points nothing happened for several weeks. To inform other users about the potential threat to their networks I decided to share my findings. WG102 offers the the typical SNMP write & SNMP read community password 'protection'. SNMPv2 is already known for weak security, yet NETGEAR goes one step further: the SNMP write community (password) is accessible in cleartext via the MIB which is readable via the SNMP read community. Affected Versions: - Netgear WG102 - with Firmware 4.0.16 - Firmware 4.0.27 (latest as of 2009-01-09) - other firmwares and similar products probably have the same bug (just an assumption!) Possible consequences: - leakage of admin/write password - Once an attacker has SNMP write acccess, she can freely reconfigure the access point. Including e.g. redirect RADIUS authentication to a rogue server. To reproduce: enable snmp (default) and set different SNMP write/read passwords. then on a different machine do: snmpwalk -c READPASSWORD -v2c IP SNMPv2-SMI::enterprises.4526.4.3 the passwords are stored in ...4526.4.3.8.4.0 and ...4526.4.3.8.5.0 Proposed fixes: do not enable SNMP at all. vendor fix required. Best Regards 'Harm S.I. Vaittes' # 0day.today [2024-12-24] #