[24149] in bugtraq
Re: Netgear RT311/RT314
daemon@ATHENA.MIT.EDU (Christian Vezina)
Wed Feb 6 19:40:10 2002
Message-Id: <5.0.2.1.2.20020205074308.02521910@mail.noos.fr>
Date: Tue, 05 Feb 2002 07:43:53 +0100
To: bugtraq@securityfocus.com
From: Christian Vezina <cvezina@noos.fr>
In-Reply-To: <E16XSL1-0005Qn-00@trek.vosn.net>

Does anyone know if NetGear Router RP114 is also affected by this problem?

Thanks

>Product:
>Netgear Gateway Router RT314/RT311
>
>Description:
>Netgear's RT314 is a four-port gateway router targeted at the small home
>or small office network.
>
>Systems Affected:
>Tested on a Netgear RT314 running firmware versions 3.24 and 3.25. Any
>hardware running this firmware (RT-311 also runs the same firmware). Any
>product running ZyXel-RomPager web server 3.02 or earlier is probably also
>vulnerable.
>
>Problem Description:
>The Netgear RT314 Gateway Router (FW v3.25) runs a web server
>(ZyXEL-RomPager/3.02) for easy user configuration. This web server is
>vulnerable to the standard Cross Site Scripting problems seen in multiple
>web servers (noted in CERT CA-2000-02 from two years ago). Though it may
>be difficult to exploit (attacker would need to know
>the internal address of the victim's router), it still opens the
>possibility that an attacker could gain unauthorized access to the router,
>and possibly reconfigure it to allow remote access.
>
>To check Netgear devices for CSS, simply access the following URL in a
>browser:
> http://<router_ip>/<script>alert('Vulnerable')</script>
>If you receive a JavaScript pop-up alert, the system is vulnerable to
>Cross Site Scripting.
>
>Vendor Status:
>Vendor was contacted on 1/5/2002 (support@netgear.com), but did not respond.
>
>Contact:
>sq@cirt.net
>
>____________________________________________________________________
>http://www.cirt.net/
>Home of the Nikto web scanner, default port/password/ssid databases.
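
The browser check described in the quoted advisory can be turned into a repeatable test for administrators, shown here as an added example that is not part of the original message or the advisory. The two page-rendering functions are constructed stand-ins for an embedded web server's error page (the real RomPager markup is not shown in the advisory); `classify` is a hypothetical helper name.

```python
import html
from urllib.parse import quote, unquote

# Probe string taken from the advisory's test URL.
PROBE = "<script>alert('Vulnerable')</script>"

# Constructed error-page template; an assumption, not the router's real markup.
TEMPLATE = "<html><body><h1>Not Found</h1>The requested URL {} was not found.</body></html>"


def vulnerable_error_page(raw_path):
    """Stand-in for a server that echoes the decoded request path unchanged."""
    return TEMPLATE.format(unquote(raw_path))


def hardened_error_page(raw_path):
    """Same page, but the path is HTML-escaped before it is written out."""
    return TEMPLATE.format(html.escape(unquote(raw_path), quote=True))


def classify(body, probe=PROBE):
    """Classify a response body fetched with the probe in the request path.

    'vulnerable'    : probe comes back with its markup intact (browser would run it)
    'escaped'       : probe comes back, but as inert HTML entities
    'not reflected' : probe does not appear in the body at all
    """
    if probe in body:
        return "vulnerable"
    escaped_forms = (html.escape(probe, quote=True), html.escape(probe, quote=False))
    if any(form in body for form in escaped_forms):
        return "escaped"
    return "not reflected"


if __name__ == "__main__":
    path = "/" + quote(PROBE)  # what the browser would send for the test URL
    for name, render in (("before fix", vulnerable_error_page),
                         ("after fix", hardened_error_page)):
        print(name, "->", classify(render(path)))
```

To test a device you administer, pass `classify` the body of a response saved from the advisory's test URL instead of the constructed pages.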