ID

VAR-201407-0439


CVE

CVE-2014-2969


TITLE

Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials

Trust: 0.8

sources: CERT/CC: VU#143740

DESCRIPTION

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi. Netgear GS105PE Prosafe Plus Switch firmware version 1.2.0.5 contains hard-coded credentials (CWE-798). An attacker could exploit this vulnerability to bypass the authentication mechanism and access the affected device without authorization. This may aid in further attacks. The vulnerability is caused by the use of a hard-coded password (debugpassword) for the ntgruser account.

Trust: 3.24

sources: NVD: CVE-2014-2969 // CERT/CC: VU#143740 // JVNDB: JVNDB-2014-003154 // CNVD: CNVD-2014-04081 // BID: 68366 // VULHUB: VHN-70908

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04081

AFFECTED PRODUCTS

vendor: netgear
model: gs108pe
scope: eq
version: 1.2.0.5

Trust: 1.6

vendor: netgear
model: gs108pe
scope: eq
version: -

Trust: 1.0

vendor: net gear
model: gs105pe prosafe plus switch
scope: -
version: -

Trust: 0.8

vendor: net gear
model: gs105pe prosafe plus switch
scope: eq
version: version 1.2.0.5

Trust: 0.8

vendor: netgear
model: gs108pe prosafe plus switch
scope: eq
version: 1.2.0.5

Trust: 0.6

sources: CNVD: CNVD-2014-04081 // JVNDB: JVNDB-2014-003154 // CNNVD: CNNVD-201407-177 // NVD: CVE-2014-2969

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2969
value: HIGH

Trust: 1.0

NVD: CVE-2014-2969
value: HIGH

Trust: 0.8

IPA: JVNDB-2014-003154
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-04081
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201407-177
value: HIGH

Trust: 0.6

VULHUB: VHN-70908
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2969
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2014-2969
severity: HIGH
baseScore: 7.8
vectorString: NONE
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2014-003154
severity: HIGH
baseScore: 7.8
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-04081
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-70908
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#143740 // CNVD: CNVD-2014-04081 // VULHUB: VHN-70908 // JVNDB: JVNDB-2014-003154 // CNNVD: CNNVD-201407-177 // NVD: CVE-2014-2969

PROBLEMTYPE DATA

problemtype: CWE-255

Trust: 1.9

problemtype: CWE-798

Trust: 0.8

problemtype: CWE-Other

Trust: 0.8

sources: CERT/CC: VU#143740 // VULHUB: VHN-70908 // JVNDB: JVNDB-2014-003154 // NVD: CVE-2014-2969

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201407-177

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201407-177

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003154

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#143740

PATCH

title: Gigabit Plus Switch Series - GS105PE
url: http://www.netgear.com/business/products/switches/unmanaged-plus/GS105PE.aspx

Trust: 0.8

title: GS105PE
url: http://www.netgear.jp/products/details/GS105PE.html

Trust: 0.8

sources: JVNDB: JVNDB-2014-003154

EXTERNAL IDS

db: NVD
id: CVE-2014-2969

Trust: 3.4

db: CERT/CC
id: VU#143740

Trust: 3.3

db: BID
id: 68366

Trust: 1.0

db: JVN
id: JVNVU91918249

Trust: 0.8

db: JVNDB
id: JVNDB-2014-003154

Trust: 0.8

db: CNNVD
id: CNNVD-201407-177

Trust: 0.7

db: CNVD
id: CNVD-2014-04081

Trust: 0.6

db: VULHUB
id: VHN-70908

Trust: 0.1

sources: CERT/CC: VU#143740 // CNVD: CNVD-2014-04081 // VULHUB: VHN-70908 // BID: 68366 // JVNDB: JVNDB-2014-003154 // CNNVD: CNNVD-201407-177 // NVD: CVE-2014-2969

REFERENCES

url: http://www.kb.cert.org/vuls/id/143740

Trust: 2.5

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2969

Trust: 0.8

url: http://jvn.jp/vu/jvnvu91918249/index.html

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2969

Trust: 0.8

url: http://www.securityfocus.com/bid/68366

Trust: 0.6

sources: CERT/CC: VU#143740 // CNVD: CNVD-2014-04081 // VULHUB: VHN-70908 // JVNDB: JVNDB-2014-003154 // CNNVD: CNNVD-201407-177 // NVD: CVE-2014-2969

CREDITS

Marc Olivier Chouinard

Trust: 0.3

sources: BID: 68366

SOURCES

db: CERT/CC, id: VU#143740
db: CNVD, id: CNVD-2014-04081
db: VULHUB, id: VHN-70908
db: BID, id: 68366
db: JVNDB, id: JVNDB-2014-003154
db: CNNVD, id: CNNVD-201407-177
db: NVD, id: CVE-2014-2969

LAST UPDATE DATE

2024-11-23T21:55:18.930000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#143740, date: 2014-07-08T00:00:00
db: CNVD, id: CNVD-2014-04081, date: 2014-07-14T00:00:00
db: VULHUB, id: VHN-70908, date: 2014-07-07T00:00:00
db: BID, id: 68366, date: 2014-07-03T00:00:00
db: JVNDB, id: JVNDB-2014-003154, date: 2014-07-10T00:00:00
db: CNNVD, id: CNNVD-201407-177, date: 2014-07-08T00:00:00
db: NVD, id: CVE-2014-2969, date: 2024-11-21T02:07:15.627

SOURCES RELEASE DATE

db: CERT/CC, id: VU#143740, date: 2014-07-03T00:00:00
db: CNVD, id: CNVD-2014-04081, date: 2014-07-07T00:00:00
db: VULHUB, id: VHN-70908, date: 2014-07-07T00:00:00
db: BID, id: 68366, date: 2014-07-03T00:00:00
db: JVNDB, id: JVNDB-2014-003154, date: 2014-07-07T00:00:00
db: CNNVD, id: CNNVD-201407-177, date: 2014-07-08T00:00:00
db: NVD, id: CVE-2014-2969, date: 2014-07-07T11:01:29.993