ID

VAR-201303-0514


TITLE

NetGear WNR1000 Router Remote Authentication Bypass Vulnerability

Trust: 0.9

sources: BID: 58792 // CNNVD: CNNVD-201304-009

DESCRIPTION

The web server skips the authentication check for certain URLs, such as URLs that end with the string ".jpg", so an attacker can submit a request similar to the following to obtain the current device configuration: http://<target-ip-address>/NETGEAR_fwpt.cfg?.jpg. NetGear WNR1000 is a wireless router. A remote authentication bypass vulnerability exists in NetGear WNR1000 router versions prior to 1.0.2.60. A remote attacker could use this vulnerability to bypass the authentication mechanism and gain unauthorized access.

Trust: 1.35

sources: CNVD: CNVD-2013-02579 // CNNVD: CNNVD-201304-009 // BID: 58792

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-02579

AFFECTED PRODUCTS

vendor: netgear, model: wnr1000v3, scope: lt, version: 1.0.2.60

Trust: 0.6

vendor: netgear, model: wnr1000, scope: eq, version: 1.0.15

Trust: 0.3

vendor: netgear, model: wnr1000, scope: ne, version: 1.0.260

Trust: 0.3

sources: CNVD: CNVD-2013-02579 // BID: 58792

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-02579
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2013-02579
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-02579

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-009

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201304-009

PATCH

title: NetGear WNR1000 router verifies patches for bypassing vulnerabilities
url: https://www.cnvd.org.cn/patchinfo/show/33101

Trust: 0.6

sources: CNVD: CNVD-2013-02579

EXTERNAL IDS

db: BID, id: 58792

Trust: 1.5

db: CNVD, id: CNVD-2013-02579

Trust: 0.6

db: CNNVD, id: CNNVD-201304-009

Trust: 0.6

sources: CNVD: CNVD-2013-02579 // BID: 58792 // CNNVD: CNNVD-201304-009

REFERENCES

url: http://seclists.org/bugtraq/2013/apr/5

Trust: 0.6

url: http://www.securityfocus.com/bid/58792

Trust: 0.6

url: http://www.securityfocus.com/archive/1/526148

Trust: 0.3

url: http://www.netgear.com/service-provider/products/routers-and-gateways/fast-ethernet-routers-gateways/wnr1000.aspx#

Trust: 0.3

sources: CNVD: CNVD-2013-02579 // BID: 58792 // CNNVD: CNNVD-201304-009

CREDITS

Roberto Paleari

Trust: 0.9

sources: BID: 58792 // CNNVD: CNNVD-201304-009

SOURCES

db: CNVD, id: CNVD-2013-02579
db: BID, id: 58792
db: CNNVD, id: CNNVD-201304-009

LAST UPDATE DATE

2022-05-17T02:04:41.585000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-02579, date: 2013-05-28T00:00:00
db: BID, id: 58792, date: 2013-03-29T00:00:00
db: CNNVD, id: CNNVD-201304-009, date: 2013-04-02T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-02579, date: 2013-04-03T00:00:00
db: BID, id: 58792, date: 2013-03-29T00:00:00
db: CNNVD, id: CNNVD-201304-009, date: 2013-03-29T00:00:00