logo Home

Untitled Document

Home > Archives Advisories > Articles

Untitled Document

Untitled Document

nb1300 router - default settings expose password
Date: 2003-04-15

Author : denote <denote@freemail.com.au>

Buqtraq post

Vendor: Netcomm Australia


Netcomm, Vulnerability in FTP server

NB 1300 modem/router

Affected firmware: all known versions


Description and Background:

The NB1300 has by default the ftp server (VxWorks (5.4.1)) exposed to the
WAN interface.
The default password is often not changed by the User.
User: admin Password: password
When connection is made to the ftp server the routers core system
Files are exposed to the admin account.
Perform a simple "get config.reg" and the username and password
Of the account are given in clear text.



The username and password may be used to access the users
Account details, collect their email, use the data available to them
2. (untested) The system files of the VxWorks (5.4.1) OS may be modified
or deleted
to impact a denial of service, rendering device useless.


Fix: disable the ftp WAN access and/or change
Admin account details.


Vendor to supply product with interface disabled by default

Has been notified 04/03/2003
No response received



arrowSearch Advisories


Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.


About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy