OSVDB ID: 86793

Title: NETGEAR NTV300 NeoTV Default Unpassworded root Account

Info

Disclosure

Oct 23, 2012

Discovery

Unknown

Dates

Exploit

Oct 23, 2012

Solution

Unknown

Description

By default, the NETGEAR NTV300 (NeoTV) installs with a default password. The 'root' account has a blank password which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Change Default Setting
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure

Solution

Immediately after installation, change all default installed accounts to use a unique and secure password. When possible, change default account names to custom names as well.

Products

NETGEAR

NTV300

Unspecified

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/86793