No more NetGear products

Posted on 2004.06.08 @ 10:10

NetGear got itself into a bit of hot water recently when it was discovered that a backdoor admin account was in the firmware of the WG602 access point.

Any user logging in with the username “super” and the password “5777364” is in complete control of the device.

In response, NetGear released a firmware update to fix the “illegal user access the WEB configuration utility.” But they didn’t fix the problem, and today there’s a message on BugTraq stating:

I can confirm that this vulnerability still exists in the latest firmware upgrade (1.7.14) for the WG602. They’ve simply gone and changed the username to superman and password to 21241036.

I actually don’t own any NetGear products myself, but do have a couple of small switches at the office for use on the test bench. I won’t be buying any of their products either. To be fair, this apparently was installed by their OEM, but the fix issued in response to the initial finding is a completely unacceptable answer to the problem.
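
An added example, not part of the original post or any NetGear tooling: a Python check a reviewer could run over two firmware images to confirm that an update removed a hard-coded login rather than renaming it. The sample images, the `/cgi-bin/login` and `Unauthorized` strings, and all function names are constructed for illustration; only the two credential pairs come from the post.

```python
import re

# Credential pairs named in the post (original firmware, then 1.7.14).
KNOWN_PAIRS = [(b"super", b"5777364"), (b"superman", b"21241036")]

def ascii_strings(blob, min_len=4):
    """Return (offset, value) for each printable-ASCII run, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group()) for m in re.finditer(pattern, blob)]

def find_known_pairs(blob, window=64):
    """Known pairs whose two halves are stored within `window` bytes of each other."""
    found = ascii_strings(blob)
    hits = []
    for user, pw in KNOWN_PAIRS:
        u_offs = [o for o, s in found if s == user]
        p_offs = [o for o, s in found if s == pw]
        if any(abs(u - p) <= window for u in u_offs for p in p_offs):
            hits.append((user.decode(), pw.decode()))
    return hits

def what_replaced(old, new, pair):
    """Strings now sitting where `pair` sat in the old image, located by the
    unchanged strings on either side. None means the slot could not be located."""
    o = [s for _, s in ascii_strings(old)]
    n = [s for _, s in ascii_strings(new)]
    if pair[0] not in o or pair[1] not in o:
        return None
    i, j = sorted((o.index(pair[0]), o.index(pair[1])))
    if i == 0 or j + 1 >= len(o):
        return None
    before, after = o[i - 1], o[j + 1]
    if before not in n or after not in n:
        return None
    return [s.decode() for s in n[n.index(before) + 1 : n.index(after)]]

def image(*creds):
    """Constructed sample blob, not real firmware; the path and message are invented."""
    body = b"".join(c + b"\x00" for c in creds)
    return b"\x7fHDR\x00\x01\x02/cgi-bin/login\x00" + body + b"Unauthorized\x00\x01\x02\x03"

OLD_IMG = image(b"super", b"5777364")
NEW_IMG = image(b"superman", b"21241036")

if __name__ == "__main__":
    print("old password bytes still present:", b"5777364" in NEW_IMG)  # naive check
    print("known pairs in update:", find_known_pairs(NEW_IMG))
    print("slot now holds:", what_replaced(OLD_IMG, NEW_IMG, KNOWN_PAIRS[0]))
```

A check that only searches the update for the old password passes, which is why the slot comparison matters: an empty list from `what_replaced` is the result a real removal would give.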
