From: Christian Vezina (cvezina noos.fr)
Date: Tue Feb 05 2002 - 00:43:53 CST
Does anyone know if NetGear Router RP114 is also affected by this problem?
thanks
>Product:
>Netgear Gateway Router RT314/RT311
>
>Description:
>Netgear's RT314 is a four-port gateway router targeted at the small home
>or small office network.
>
>Systems Affected:
>Tested on a Netgear RT314 running firmware versions 3.24 and 3.25. Any
>hardware running this firmware (RT-311 also runs the same firmware). Any
>product running ZyXel-RomPager web server 3.02 or earlier is probably also
>vulnerable.
>
>Problem Description:
>The Netgear RT314 Gateway Router (FW v3.25) runs a web server
>(ZyXEL-RomPager/3.02) for easy user configuration. This web server is
>vulnerable to the standard Cross Site Scripting problems seen in multiple
>web servers (noted in CERT CA-2000-02 from two years ago). Though it may
>be difficult to exploit (attacker would need to know
>the internal address of the victim's router), it still opens the
>possibility that an attacker could gain unauthorized access to the router,
>and possibly reconfigure it to allow remote access.
>
>To check Netgear devices for CSS, simply access the following URL in a
>browser:
> http://
>If you receive a JavaScript pop-up alert, the system is vulnerable to
>Cross Site Scripting.
>
>Vendor Status:
>Vendor was contacted on 1/5/2002 (support netgear.com), but did not respond.
>
>Contact:
>sq cirt.net
>
>____________________________________________________________________
>http://www.cirt.net/
>Home of the Nikto web scanner, default port/password/ssid databases.
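
Added example, not part of the original posts and not code from Netgear, ZyXEL or cirt.net: the advisory flags "ZyXel-RomPager web server 3.02 or earlier", so an owner can triage their own devices by reading the Server banner from a saved HTTP response. The function names, status labels and sample responses are constructed for illustration; a banner can be absent or changed, so the result is a hint, not proof.

```python
import re

# Threshold from the advisory text: RomPager 3.02 or earlier is flagged.
LAST_FLAGGED = (3, 2)

# Matches "RomPager/3.02" with or without a vendor prefix such as "ZyXEL-".
_BANNER = re.compile(r"RomPager/(\d+(?:\.\d+)*)", re.IGNORECASE)


def server_header(raw_headers):
    """Return the Server header value from a raw HTTP response head, or None."""
    for line in raw_headers.splitlines()[1:]:    # skip the status line
        if not line.strip():
            break                                # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def classify(raw_headers):
    """Triage one response: 'flagged', 'newer', 'not-rompager' or 'no-banner'."""
    banner = server_header(raw_headers)
    if banner is None:
        return "no-banner"
    match = _BANNER.search(banner)
    if not match:
        return "not-rompager"
    version = tuple(int(part) for part in match.group(1).split("."))
    # Numeric comparison, so "3.02" and "3.2" count as the same release.
    return "flagged" if version <= LAST_FLAGGED else "newer"


# Constructed sample responses (not captured from real devices).
SAMPLES = {
    "device-a": "HTTP/1.1 200 OK\r\nServer: ZyXEL-RomPager/3.02\r\n\r\n<html>",
    "device-b": "HTTP/1.1 200 OK\r\nserver: RomPager/4.07 UPnP/1.0\r\n\r\n",
    "device-c": "HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/1.0\r\n\r\n",
    "device-d": "HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n",
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(name, classify(head))
```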