NETGEAR Hard-coded Telnet Unlock Credentials

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host has a default set of credentials for enabling root
login on the telnet service.

Description :

The remote NETGEAR device has a hard-coded set of credentials that can
be sent in a specially encoded packet in order to unlock the telnet
service and allow remote logins as the root user.

Solution :

There are no known fixes. As a workaround, restrict access to the
telnet port.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:ND/RL:U/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 72831 ()

Bugtraq ID: 65444

CVE ID: