VAR-200412-0825
Vulnerability from variot - Updated: 2025-04-03 22:10NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration. Netgear WG602 reportedly contains a default administrative account. This issue can allow a remote attacker to gain administrative access to the device. Netgear WG602 access point with firmware version 1.04.0 is reportedly affected by this issue. It is likely that other versions of the firmware are also vulnerable. It is reported that the new version (1.7.14) of the Firmware for WG602 is vulnerable to this issue as well, however, the username and password for the backdoor account has been changed
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0825",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wg602",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "1.7.14"
},
{
"model": "wgt624",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
},
{
"model": "wg602 access point",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.7.14"
},
{
"model": "wg602 access point",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.04.0"
},
{
"model": "wg602v2 access point rc6",
"scope": "ne",
"trust": 0.3,
"vendor": "netgear",
"version": "3.2"
},
{
"model": "wg602v2 access point rc5",
"scope": "ne",
"trust": 0.3,
"vendor": "netgear",
"version": "3.1"
},
{
"model": "wg602v2 access point rc2",
"scope": "ne",
"trust": 0.3,
"vendor": "netgear",
"version": "3.1"
},
{
"model": "wg602v2 access point rc5",
"scope": "ne",
"trust": 0.3,
"vendor": "netgear",
"version": "2.0"
},
{
"model": "wg602v2 access point",
"scope": "ne",
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "wg602 access point",
"scope": "ne",
"trust": 0.3,
"vendor": "netgear",
"version": "1.7.15"
}
],
"sources": [
{
"db": "BID",
"id": "16835"
},
{
"db": "BID",
"id": "10459"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-414"
},
{
"db": "NVD",
"id": "CVE-2004-2557"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery is credited to Tom Knienieder \u003cknienieder@khamsin.ch\u003e.",
"sources": [
{
"db": "BID",
"id": "10459"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-414"
}
],
"trust": 0.9
},
"cve": "CVE-2004-2557",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-2557",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-10985",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-2557",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-414",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-10985",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10985"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-414"
},
{
"db": "NVD",
"id": "CVE-2004-2557"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username \"superman\" and password \"21241036\", which allows remote attackers to modify the configuration. Netgear WG602 reportedly contains a default administrative account. This issue can allow a remote attacker to gain administrative access to the device. \nNetgear WG602 access point with firmware version 1.04.0 is reportedly affected by this issue. It is likely that other versions of the firmware are also vulnerable. It is reported that the new version (1.7.14) of the Firmware for WG602 is vulnerable to this issue as well, however, the username and password for the backdoor account has been changed",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2557"
},
{
"db": "BID",
"id": "16835"
},
{
"db": "BID",
"id": "10459"
},
{
"db": "VULHUB",
"id": "VHN-10985"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-2557",
"trust": 2.3
},
{
"db": "BID",
"id": "10459",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "11773",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "6743",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200412-414",
"trust": 0.7
},
{
"db": "CIAC",
"id": "O-159",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040605 RE: NETGEAR WG602 ACCESSPOINT VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040603 NETGEAR WG602 ACCESSPOINT VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "602",
"trust": 0.6
},
{
"db": "XF",
"id": "16312",
"trust": 0.6
},
{
"db": "BID",
"id": "16835",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-10985",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10985"
},
{
"db": "BID",
"id": "16835"
},
{
"db": "BID",
"id": "10459"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-414"
},
{
"db": "NVD",
"id": "CVE-2004-2557"
}
]
},
"id": "VAR-200412-0825",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10985"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:10:39.175000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2557"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://slashdot.org/articles/04/06/08/1319206.shtml?tid=126\u0026tid=172"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/10459"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0036.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/365230"
},
{
"trust": 1.7,
"url": "http://www.ciac.org/ciac/bulletins/o-159.shtml"
},
{
"trust": 1.7,
"url": "http://kbserver.netgear.com/kb_web_files/n101383.asp"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/6743"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/11773"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16312"
},
{
"trust": 0.6,
"url": "http://www.netgear.com/support_main.asp"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/16312"
},
{
"trust": 0.3,
"url": "http://kbserver.netgear.com/products/wgt624.asp"
},
{
"trust": 0.3,
"url": "/archive/1/426187"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/products/prod_details.php?prodid=170"
},
{
"trust": 0.3,
"url": "/archive/1/365380"
},
{
"trust": 0.3,
"url": "/archive/1/365292"
},
{
"trust": 0.3,
"url": "/archive/1/365150"
},
{
"trust": 0.3,
"url": "/archive/1/365157"
},
{
"trust": 0.3,
"url": "/archive/1/365230"
},
{
"trust": 0.3,
"url": "/archive/1/365309"
},
{
"trust": 0.3,
"url": "/archive/1/365303"
},
{
"trust": 0.1,
"url": "http://slashdot.org/articles/04/06/08/1319206.shtml?tid=126\u0026amp;tid=172"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10985"
},
{
"db": "BID",
"id": "16835"
},
{
"db": "BID",
"id": "10459"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-414"
},
{
"db": "NVD",
"id": "CVE-2004-2557"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-10985"
},
{
"db": "BID",
"id": "16835"
},
{
"db": "BID",
"id": "10459"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-414"
},
{
"db": "NVD",
"id": "CVE-2004-2557"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-10985"
},
{
"date": "2006-02-27T00:00:00",
"db": "BID",
"id": "16835"
},
{
"date": "2004-06-03T00:00:00",
"db": "BID",
"id": "10459"
},
{
"date": "2004-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-414"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-2557"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10985"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "16835"
},
{
"date": "2004-06-03T00:00:00",
"db": "BID",
"id": "10459"
},
{
"date": "2006-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-414"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-2557"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "16835"
},
{
"db": "BID",
"id": "10459"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear WG602 Wireless Access Point Default Backdoor Account Vulnerability",
"sources": [
{
"db": "BID",
"id": "10459"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-414"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "16835"
},
{
"db": "BID",
"id": "10459"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-414"
}
],
"trust": 1.2
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…