NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Full-Disclosure> 2009-02

[Full-disclosure] Security contacts at Netgear and/or D-Link? (DoS, pos. default PWs and other issues)

From: rembrandt (rembrandtjpberlin.de)
Date: Fri Feb 06 2009 - 10:01:54 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Is somebody aware of security contacts at Netgear or D-Link?

Products of those vendors do suffer from possible DoS, propably default
hardcoded root accounts (D-Link) and other issues.

Timeline:

ZDI:
Case Opened 2009-01-18 04:24 GMT-6
Case Closed 2009-01-19 14:12 GMT-6
"We are not interested in vulnerabilities affecting D-Link at this
time."

Case Opened 2008-12-28 07:57 GMT-6
Case Closed 2009-01-15 17:01 GMT-6
"After some deliberation we have unfortunately decided that we won't be
accepting bugs affecting NetGear products."

Contacting mitre.org, asking for CVE and a contact at D-Link:
Mo, 2.02.2009, 13:01

Contacting mitre.org and NetGear asking for CVE and contact:
Mo, 2.02.2009, 12:55
pressrelationsnetgear.com (OSVDB entry in the contact field)
coleylinus.mitre.org (cc, found by googling)

No replies so far.
Maybe NetGear and D-Link could consider to work together with the OSVDB
to enter at least some valid contact data.

Somebody interested into Router issues (and no it's no xss...)?
The vendor itself seam to not to care about their customers or security...

Kind regards,
Rembrandt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (OpenBSD)

iQIcBAEBAgAGBQJJjF7zAAoJEKpmjajaOKCmbioP/iGCSu4PjgffXrg52+YOhcZl
JLy88XF7/LzNcY2WIxtuCWUYRd8Vu0MWMTYbWGjdBHbVz01VAG3SRl2Ngu7bwM9v
1ao67/c+259FrohpW5IwKYDAG9qx7jKJNN2PGhY6EVWVitxDP2E0YVTVRw6wKfo7
Co/c3+tonU+Y+tLKYJt8a0qciVetDOEUFZhdZRDpyJFZN+QQ0caekiRMQDYiah1r
tDzA/cF/WhJtp9xjPyeCFBrzeGYt35XBlq0G+Wu766I0MS2hmMjOknfPraR6q0J6
6uV1Ct+bHAA9LirCjIQdlIyqc8jAN/4UTftO7wePH8AWUIEWnhH0cJY7CMIzq9Pf
PsOeqNurpoCHEo5D+symlvHjWR6ta63oMjguOTaIcUXaerbsNpgcgaAUcXZA6fJ9
QQ7wXHcefvFXTBtv5KNQBlU2ebOX2CrFBHhbhp1H/xyK6aNPuNsJd+DZI9h18MJ9
0aPJClghmB3IEZvX35NL/szynEPTYPZ/QzCw5nlW/HC3fRlAF3PnxAEMAtFEe91r
JBUtVp8Px4gx0/zi0FUrbq4qflCR/LDIpGt+iI4lGViAnouKqJSXHjh+qOe9Woj4
EA2lWYC0jChi+adnx76QN11HFp1yhNhER4PggB4ulWrY1RGqSJkhDXcl+QWjNrK8
71SrqAxVkuYm/Wq7UutZ
=48J1
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]