Netgear Gateway Router RT314/RT311
Netgear's RT314 is a four-port gateway router targeted at the small home
or small office network.
Tested on a Netgear RT314 running firmware versions 3.24 and 3.25. Any
hardware running this firmware (RT-311 also runs the same firmware). Any
product running ZyXEL-RomPager web server 3.02 or earlier is probably also
The Netgear RT314 Gateway Router (FW v3.25) runs a web server
(ZyXEL-RomPager/3.02) for easy user configuration. This web server is
vulnerable to the standard Cross Site Scripting problems seen in multiple
web servers (noted in CERT CA-2000-02 from two years ago). Though it may
be difficult to exploit (an attacker would need to know the internal
address of the victim's router), it still opens the possibility that an
attacker could gain unauthorized access to the router, and possibly
reconfigure it to allow remote access.
To check Netgear devices for CSS, simply access the following URL in a
Cross Site Scripting.
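
For inventory and triage, the following added example (not part of the original advisory) classifies captured HTTP responses by RomPager banner version and by whether a harmless marker comes back unescaped. The marker, the sample responses, the 4.07 banner and the function names are constructed assumptions; the advisory does not show the device's actual output.

```python
import html
import re
from email.parser import Parser

# Constructed, harmless marker: characters an HTML-escaping server must encode.
MARKER = '<xss-probe-7f3a>"'
# The advisory names ZyXEL-RomPager 3.02 or earlier.
LAST_NAMED = (3, 2)
BANNER_RE = re.compile(r"RomPager/(\d+)\.(\d+)", re.I)

def rompager_version(server_header):
    """Return (major, minor) from a Server banner, or None if not RomPager."""
    m = BANNER_RE.search(server_header or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def assess(raw_response, marker=MARKER):
    """Classify one captured HTTP response (str) by banner and reflection."""
    head, _, body = raw_response.partition("\r\n\r\n")
    _status, _, header_block = head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    version = rompager_version(headers.get("Server"))
    if marker in body:
        reflection = "unescaped"   # markup would reach the browser intact
    elif html.escape(marker) in body:
        reflection = "escaped"     # server encoded the input before echoing
    else:
        reflection = "absent"      # request data not echoed at all
    return {
        "version": version,
        "banner_in_range": version is not None and version <= LAST_NAMED,
        "reflection": reflection,
    }

def _resp(server, body):
    # Helper that builds a constructed response for the samples below.
    return ("HTTP/1.0 404 Not Found\r\nServer: %s\r\n"
            "Content-Type: text/html\r\n\r\n<html><body>%s</body></html>"
            % (server, body))

# Constructed sample captures, not real device output.
SAMPLES = {
    "echoes_raw": _resp("ZyXEL-RomPager/3.02", "Not found: /" + MARKER),
    "echoes_escaped": _resp("ZyXEL-RomPager/4.07", "Not found: /" + html.escape(MARKER)),
    "other_server": _resp("ExampleHTTPd/1.0", "Not found"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, assess(raw))
```

A device whose banner is in range but whose reflection result is "absent" still warrants a firmware check, since the marker may simply not have reached an echoing page.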
Vendor was contacted on 1/5/2002 (support () netgear com), but did not respond.
sq () cirt net
Home of the Nikto web scanner, default port/password/ssid databases.