Sign-up

ID

VAR-201605-0672


TITLE

Multiple vulnerabilities in Netgear Router JNR1010

Trust: 0.6

sources: CNVD: CNVD-2016-02935

DESCRIPTION

The NetgearRouterJNR1010 is a wireless router product. NetgearRouterJNR1010 has authentication bypass and inappropriate session management vulnerabilities. Developers frequently establish authentication and session management schemes that have vulnerabilities in logout, password management, timeouts, and account updates. An attacker can bypass authentication and log in to the system.

Trust: 0.6

sources: CNVD: CNVD-2016-02935

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-02935

AFFECTED PRODUCTS

vendor:netgearmodel:jnr1010scope:eqversion:1.0.0.24

Trust: 0.6

sources: CNVD: CNVD-2016-02935

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-02935
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2016-02935
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2016-02935

PATCH

title:NetgearRouterJNR1010 has multiple vulnerabilitiesurl:https://www.cnvd.org.cn/patchinfo/show/75508

Trust: 0.6

sources: CNVD: CNVD-2016-02935

EXTERNAL IDS

db:CNVDid:CNVD-2016-02935

Trust: 0.6

sources: CNVD: CNVD-2016-02935

REFERENCES

url:http://seclists.org/fulldisclosure/2016/jan/31

Trust: 0.6

sources: CNVD: CNVD-2016-02935

SOURCES

db:CNVDid:CNVD-2016-02935

LAST UPDATE DATE

2022-05-04T10:04:57.251000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-02935date:2016-05-11T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-02935date:2016-05-11T00:00:00