Details of VAR-200501-0216

ID

VAR-200501-0216

CVE

CVE-2005-0290

TITLE

Netgear FVS318 filter Bypass detection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200501-249

DESCRIPTION

NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension. NetGear FVS318 is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to bypass URI filters and carry out cross-site scripting attacks. The following issues were identified: It is reported that an attacker can bypass URI filters of the device. The URI filter log viewer is reported prone to a cross-site scripting vulnerability. The research report specified that FVS318 devices with firmware 2.4 are vulnerable to these issues. FVS318 and FVS318v2 are shipped with firmware 2.4, however, it is possible that FVS318v3 and other firmware versions are affected as well. This BID will be updated when more information about affected packages is available. The Netgear FVS318 is a handy little router. A filter detection bypass vulnerability exists in Netgear FVS318 with firmware version 2.4. Remote attackers can use Hex-encoded URLs, such as HEX-encoded file extensions, to bypass detection

Trust: 1.26

sources: NVD: CVE-2005-0290 // BID: 12278 // VULHUB: VHN-11499

AFFECTED PRODUCTS

vendor:	netgear	model:	fvs318	scope:	eq	version:	2.4	Trust: 1.9
vendor:	netgear	model:	fvs318v2	scope:	eq	version:	2.4	Trust: 0.3

sources: BID: 12278 // CNNVD: CNNVD-200501-249 // NVD: CVE-2005-0290

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0290
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200501-249
value:	HIGH
Trust: 0.6
VULHUB:	VHN-11499
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-0290
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-11499
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-11499 // CNNVD: CNNVD-200501-249 // NVD: CVE-2005-0290

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0290

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200501-249

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200501-249

EXTERNAL IDS

db:	NVD	id:	CVE-2005-0290	Trust: 2.0
db:	BID	id:	12278	Trust: 2.0
db:	SECUNIA	id:	13787	Trust: 1.7
db:	SECTRACK	id:	1012913	Trust: 1.7
db:	CNNVD	id:	CNNVD-200501-249	Trust: 0.7
db:	XF	id:	18920	Trust: 0.6
db:	XF	id:	318	Trust: 0.6
db:	FULLDISC	id:	20050117 MULTIPLE VULNERABILITIES IN NETGEAR FVS318 ROUTER	Trust: 0.6
db:	BUGTRAQ	id:	20050117 MULTIPLE VULNERABILITIES IN NETGEAR FVS318 ROUTER	Trust: 0.6
db:	VULHUB	id:	VHN-11499	Trust: 0.1

sources: VULHUB: VHN-11499 // BID: 12278 // CNNVD: CNNVD-200501-249 // NVD: CVE-2005-0290

REFERENCES

url:	http://www.securityfocus.com/bid/12278	Trust: 1.7
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2005-january/030984.html	Trust: 1.7
url:	http://securitytracker.com/id?1012913	Trust: 1.7
url:	http://secunia.com/advisories/13787	Trust: 1.7
url:	http://www.securinews.com/vuln.htm?vulnid=103	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/18920	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=110599727631560&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/18920	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=110599727631560&w=2	Trust: 0.6
url:	http://www.netgear.com/products/prod_details.asp?prodid=129	Trust: 0.3
url:	/archive/1/387467	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=110599727631560&w=2	Trust: 0.1

sources: VULHUB: VHN-11499 // BID: 12278 // CNNVD: CNNVD-200501-249 // NVD: CVE-2005-0290

CREDITS

Paul Kurczaba※ pkurczaba@att.net

Trust: 0.6

sources: CNNVD: CNNVD-200501-249

SOURCES

db:	VULHUB	id:	VHN-11499
db:	BID	id:	12278
db:	CNNVD	id:	CNNVD-200501-249
db:	NVD	id:	CVE-2005-0290

LAST UPDATE DATE

2024-08-14T12:58:08.303000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-11499	date:	2017-07-11T00:00:00
db:	BID	id:	12278	date:	2009-07-12T10:06:00
db:	CNNVD	id:	CNNVD-200501-249	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-0290	date:	2017-07-11T01:32:12.017

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-11499	date:	2005-01-17T00:00:00
db:	BID	id:	12278	date:	2005-01-17T00:00:00
db:	CNNVD	id:	CNNVD-200501-249	date:	2005-01-17T00:00:00
db:	NVD	id:	CVE-2005-0290	date:	2005-01-17T05:00:00