The Netgear CG3000v2 cable modem fails to validate an admin's old password prior to changing to a new one. It also appears to suffer from cross site request forgery issues.
60a9f0aaa0dd1bda3794476688930f7d44eef4e51d60f57a34808b39c96672ffI noticed a security issue in my Netgear CG3000v2 cable modem, as
provided by Optus (an Australian phone/communications provider).
The "admin password" can be changed on the web interface, without
providing the current password. The page
http://192.168.0.1/SetPassword.asp
prompts for old and new passwords (and repeat of new), but in fact
ignores the old password provided, and changes the password to the
new one, regardless.
This issue could be exploited via CSRF, to change the password
while the user happens to be logged in. I do not know what
practical benefit an attacker would then gain; maybe not much,
seeing how most modems would be left at the default setting of
admin/password as per
http://www.optus.com.au/shop/support/answer/modem-wifi-username-password-help?requestType=NormalRequest&id=1752&typeId=5
I do not know whether the same issue affects other modems or routers.
I reported the issue to Netgear (support case #26592620) but they
did not seem interested.
Cheers, Paul
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed