Next message: Andrew McClymont: "Infecting the KaZaA network?"
Does anyone know if NetGear Router RP114 is also affected by this problem?
thanks
>Product:
>Netgear Gateway Router RT314/RT311
>
>Description:
>Netgear's RT314 is a four-port gateway router targeted at the small home
>or small office network.
>
>Systems Affected:
>Tested on a Netgear RT314 running firmware versions 3.24 and 3.25. Any
>hardware running this firmware (RT-311 also runs the same firmware). Any
>product running ZyXel-RomPager web server 3.02 or earlier is probably also
>vulnerable.
>
>Problem Description:
>The Netgear RT314 Gateway Router (FW v3.25) runs a web server
>(ZyXEL-RomPager/3.02) for easy user configuration. This web server is
>vulnerable to the standard Cross Site Scripting problems seen in multiple
>web servers (noted in CERT CA-2000-02 from two years ago). Though it may
>be difficult to exploit (attacker would need to know
>the internal address of the victim's router), it still opens the
>possibility that an attacker could gain unauthorized access to the router,
>and possibly reconfigure it to allow remote access.
>
>To check Netgear devices for CSS, simply access the following URL in a
>browser:
> http://>/<script>alert('Vulnerable')</script>
>If you receive a JavaScript pop-up alert, the system is vulnerable to
>Cross Site Scripting.
>
>Vendor Status:
>Vendor was contacted on 1/5/2002 (supportat_private), but did not respond.
>
>Contact:
>sqat_private
>
>____________________________________________________________________
>http://www.cirt.net/
>Home of the Nikto web scanner, default port/password/ssid databases.
This archive was generated by hypermail 2b30
: Wed Feb 06 2002 - 16:39:57 PST