Critical flaws in Linksys and Netgear kit
Critical security flaws have been discovered in widely used wired and wireless networking products from Linksys Group Inc. and Netgear Inc. that would allow someone to crash or gain control of business and consumer networks.
Researcher Tom Knienieder late last week discovered that Netgear's WG602 (version 1) 802.11g-compatible wireless LAN access point contains a hard-wired user account with a known password. Any user with access to a LAN with an affected WG602 device connected to it would be able to gain full administrator access to the device, Knienieder said. Attackers could also gain access to the device through a WAN if the access point is set up to allow remote administration, but this goes against best practices for security, researchers said.
The "back-door" user account cannot be disabled, and Netgear has not released an upgrade to the WG602 firmware to fix the problem, researchers said. Security firm Secunia recommended users either switch to another product or restrict access to the Web-based administrator interface, for example making it accessible only from a dedicated administrator machine.
Security experts said the creation of the back-door was "very irresponsible". "It reportedly isn't possible for the user to change the password, thus making it harder for the user to mitigate the threat," Secunia's Jakob Balle told Techworld.
But observers have questioned the responsibility of Secunia and other security companies in putting the username and password in the public domain by listing both for a variety of releases in their advisories. The problem has been confirmed in all WG602v1 firmware releases after 1.04.0. A newer release of the WG602 hardware, version 2, does not seem to be affected, according to Secunia.
"Any user logging in with the username '(*)' and the password '(*)' is in complete control of the device," wrote Knienieder. "This vulnerability can be exploited by any person who is able to reach the Web interface of the device with a Web browser."
Knienieder, of Germany's Khamsin Security, published his original advisory on the BugTraq mailing list. Secunia has also published an advisory.
The hardwired administrative account was apparently built into the access point by a Taiwan hardware developer called Z-com Inc., according to Knienieder, raising the possibility that other hardware manufactured using Z-com designs may include the same vulnerability. Knienieder said the numerical password appeared to be the telephone number of Z-com's Taiwan offices.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
