Details of VAR-201502-0508

ID

VAR-201502-0508

TITLE

Multiple NetGear Routers SOAP Service Verification Bypass Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2015-01321

DESCRIPTION

NetGear WNDR3700v4, WNR2200 and WNR2500 are all wireless router products of NetGear. A remote authentication bypass vulnerability exists in several NetGear routers. An attacker could use this vulnerability to bypass the authentication mechanism and obtain potentially sensitive information. The following products and versions are affected: NetGear WNDR3700v4 V1.0.0.4SH version, WNDR3700v4 V1.0.1.52 version, WNR2200 V1.0.1.88 version, WNR2500 V1.0.0.24 version

Trust: 1.35

sources: CNVD: CNVD-2015-01321 // CNNVD: CNNVD-201503-075 // BID: 72640

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-01321

AFFECTED PRODUCTS

vendor:	netgear	model:	wndr3700v4	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	wnr2500	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	wnr2500	scope:	eq	version:	1.0.0.24	Trust: 0.3
vendor:	netgear	model:	wnr2200	scope:	eq	version:	1.0.1.88	Trust: 0.3
vendor:	netgear	model:	wndr3700v4	scope:	eq	version:	1.0.1.52	Trust: 0.3
vendor:	netgear	model:	wndr3700v4 1.0.0.4sh	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2015-01321 // BID: 72640

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2015-01321
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2015-01321
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-01321

THREAT TYPE

remote ※ local

Trust: 0.6

sources: CNNVD: CNNVD-201503-075

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201503-075

EXTERNAL IDS

db:	BID	id:	72640	Trust: 1.5
db:	XF	id:	100967	Trust: 0.6
db:	CNVD	id:	CNVD-2015-01321	Trust: 0.6
db:	CNNVD	id:	CNNVD-201503-075	Trust: 0.6

sources: CNVD: CNVD-2015-01321 // BID: 72640 // CNNVD: CNNVD-201503-075

REFERENCES

url:	http://xforce.iss.net/xforce/xfdb/100967	Trust: 0.6
url:	http://www.securityfocus.com/bid/72640	Trust: 0.6
url:	http://www.netgear.com	Trust: 0.3
url:	https://github.com/darkarnium/secpub/tree/master/netgear/soapwndr	Trust: 0.3

sources: CNVD: CNVD-2015-01321 // BID: 72640 // CNNVD: CNNVD-201503-075

CREDITS

Peter Adkins

Trust: 0.9

sources: BID: 72640 // CNNVD: CNNVD-201503-075

SOURCES

db:	CNVD	id:	CNVD-2015-01321
db:	BID	id:	72640
db:	CNNVD	id:	CNNVD-201503-075

LAST UPDATE DATE

2022-05-17T02:07:09.324000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-01321	date:	2015-02-28T00:00:00
db:	BID	id:	72640	date:	2015-02-17T00:00:00
db:	CNNVD	id:	CNNVD-201503-075	date:	2015-03-04T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-01321	date:	2015-02-28T00:00:00
db:	BID	id:	72640	date:	2015-02-17T00:00:00
db:	CNNVD	id:	CNNVD-201503-075	date:	2015-02-17T00:00:00