Sign-up

ID

VAR-200902-0395


CVE

CVE-2008-6122


TITLE

Netgear WGR614 of Web Service disruption in the management interface (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-004117

DESCRIPTION

The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?"). NETGEAR WGR614 is prone to a denial-of-service vulnerability that occurs in the administration web interface. NETGEAR WGR614 is a small wireless broadband router. WGR614 routers have loopholes when processing malformed requests. ---------------------------------------------------------------------- Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/ ---------------------------------------------------------------------- TITLE: Netgear WGR614 Web Interface Request Denial of Service SECUNIA ADVISORY ID: SA32716 VERIFY ADVISORY: http://secunia.com/advisories/32716/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: Netgear WGR614v9 http://secunia.com/advisories/product/20525/ DESCRIPTION: sr. has reported a vulnerability in Netgear WGR614v9, which can be exploited by malicious people to cause a DoS (Denial of Service). SOLUTION: Restrict access to the web interface. PROVIDED AND/OR DISCOVERED BY: sr. ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065619.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-6122 // JVNDB: JVNDB-2009-004117 // BID: 32290 // VULHUB: VHN-36247 // PACKETSTORM: 72054

AFFECTED PRODUCTS

vendor:netgearmodel:wgr614scope:eqversion:v9

Trust: 1.6

vendor:netgearmodel:wgr614scope:eqversion:v8

Trust: 1.6

vendor:net gearmodel:wgr614scope:eqversion:v9

Trust: 0.8

vendor:netgearmodel:wgr614scope:eqversion:0

Trust: 0.3

sources: BID: 32290 // JVNDB: JVNDB-2009-004117 // CNNVD: CNNVD-200902-263 // NVD: CVE-2008-6122

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-6122
value: HIGH

Trust: 1.0

NVD: CVE-2008-6122
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200902-263
value: HIGH

Trust: 0.6

VULHUB: VHN-36247
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-6122
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-36247
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-36247 // JVNDB: JVNDB-2009-004117 // CNNVD: CNNVD-200902-263 // NVD: CVE-2008-6122

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-36247 // JVNDB: JVNDB-2009-004117 // NVD: CVE-2008-6122

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200902-263

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200902-263

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-004117

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-36247

PATCH
title:Top Pageurl:http://www.netgear.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-004117

EXTERNAL IDS
db:NVDid:CVE-2008-6122
Trust: 2.8
db:BIDid:32290
Trust: 2.0
db:SECUNIAid:32716
Trust: 1.8
db:VUPENid:ADV-2008-3174
Trust: 1.7
db:JVNDBid:JVNDB-2009-004117
Trust: 0.8
db:CNNVDid:CNNVD-200902-263
Trust: 0.7
db:FULLDISCid:20081113 NETGEAR WGR614V9 DOS TO ADMIN INTERFACE (INTERNAL AND EXTERNAL)
Trust: 0.6
db:XFid:614
Trust: 0.6
db:XFid:46602
Trust: 0.6
db:EXPLOIT-DBid:32583
Trust: 0.1
db:SEEBUGid:SSVID-85864
Trust: 0.1
db:VULHUBid:VHN-36247
Trust: 0.1
db:PACKETSTORMid:72054
Trust: 0.1
sources:
            
            
            VULHUB: VHN-36247 // 
            
            
            
            BID: 32290 // 
            
            
            
            JVNDB: JVNDB-2009-004117 // 
            
            
            
            PACKETSTORM: 72054 // 
            
            
            
            CNNVD: CNNVD-200902-263 // 
            
            
            
            NVD: CVE-2008-6122

REFERENCES
url:http://lists.grok.org.uk/pipermail/full-disclosure/2008-november/065619.html
Trust: 1.8
url:http://www.securityfocus.com/bid/32290
Trust: 1.7
url:http://secunia.com/advisories/32716
Trust: 1.7
url:http://www.vupen.com/english/advisories/2008/3174
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/46602
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6122
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-6122
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/46602
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/3174
Trust: 0.6
url:http://www.netgear.com
Trust: 0.3
url:http://secunia.com/binary_analysis/sample_analysis/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/32716/
Trust: 0.1
url:http://secunia.com/advisories/product/20525/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-36247 // 
            
            
            
            BID: 32290 // 
            
            
            
            JVNDB: JVNDB-2009-004117 // 
            
            
            
            PACKETSTORM: 72054 // 
            
            
            
            CNNVD: CNNVD-200902-263 // 
            
            
            
            NVD: CVE-2008-6122

CREDITS
sr. staticrez@gmail.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200902-263

SOURCES
db:VULHUBid:VHN-36247
db:BIDid:32290
db:JVNDBid:JVNDB-2009-004117
db:PACKETSTORMid:72054
db:CNNVDid:CNNVD-200902-263
db:NVDid:CVE-2008-6122

LAST UPDATE DATE
2024-11-23T23:06:44.231000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-36247date:2017-08-08T00:00:00
db:BIDid:32290date:2015-05-07T17:21:00
db:JVNDBid:JVNDB-2009-004117date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200902-263date:2009-02-12T00:00:00
db:NVDid:CVE-2008-6122date:2024-11-21T00:55:43.610

SOURCES RELEASE DATE
db:VULHUBid:VHN-36247date:2009-02-11T00:00:00
db:BIDid:32290date:2008-11-13T00:00:00
db:JVNDBid:JVNDB-2009-004117date:2012-09-25T00:00:00
db:PACKETSTORMid:72054date:2008-11-18T16:18:24
db:CNNVDid:CNNVD-200902-263date:2008-11-13T00:00:00
db:NVDid:CVE-2008-6122date:2009-02-11T17:30:00.517