Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

NETGEAR FVS318 Information Disclosure
From: "Fab\\AIS" <fab () aisec net>
Date: Mon, 30 Sep 2002 21:19:36 -0400
Hi All..

I'm resending this..*without* the failure notice ;)

 Attached is an Advisory concerning Netgear's FVS318 
 Firewall/VPN/Router, and the fact that it stores Usernames and
Passwords in plain text if the config is backed up.


 Thanks,

 fab () aisec net
 http://www.aisec.net
 Information Security Team.
  -=-=-=-=-=-=-=-=-=-=-=-=-=-
===================================================================
 AIS advisory # 0006 NETGEAR FVS318 Firewall Router Firmware 1.1 
 Username/Password Disclosure

 ==============Summary================

 Netgear's FVS318 Firewall/VPN/Router stores Usernames and Passwords in 
 plain text when a backup of the configuration is made.

 ==========Software Affected==========

 Netgear FVS318 firmware 1.1 and every firmware version before it.


 ===============Vendor================


 http://www.netgear.com


 =========Product Description=========
 Taken from their site : http://www.netgear.com

 "Want the utmost in network security for your office? NETGEAR's FVS318 
 ProSafe VPN Firewall provides business-class protection at a NAT 
 router price. This completely equipped, broadband-capable Virtual 
 Private Network (VPN) firewall is a true firewall and provides it all 
 - Denial of Service (DoS) protection and Intrusion Detection using 
 Stateful Packet Inspection (SPI), URL access and content filtering, 
 logging, \reporting, and real-time alerts. It initiates up to 8 IPSec 
 VPN tunnels simultaneously, reducing your operating costs and 
 maximizing the security of your network. With 8 auto-sensing, Auto 
 UplinkT switched LAN ports and Network Address Translation (NAT) 
 routing, up to 253 users can access your broadband connection at the 
 same time."

 ============Vulnerability============

 The web interface includes a backup option to store your current 
 config just in case anything happens....

 For the most part, the file isn't readable except for a few words, in 
 particular, your Username to your ISP internet connection, and the
password
 to the web admin interface which listens on port 80 by default. This 
 port can be changed to whatever you like, but probably not many people 
 do that.

 I would consider this a local threat because you can only get to the 
 web
interface
 from inside the local LAN. Unless you enable Remote Management, which
listens on port
 8080 by default.

 The default username for the web interface can't be changed, it's 
 always
"admin"...

 Any good admin makes a backup of their working configs ;)


 ================FIX (if any) ========
 Use PGP to encrypt your files, if Netgear doesn't encrypt them for 
 you.


 ============Discovered by============
 fab () aisec net
 http://www.aisec.net
 Information Security Team

  By Date           By Thread  

Current thread:
  • NETGEAR FVS318 Information Disclosure Fab\\AIS (Oct 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]