Sign-up

ID

VAR-201606-0554


TITLE

Netgear Device Web Interface Login Password Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-04399

DESCRIPTION

Netgear is the world's leading enterprise network solution and advocate for digital home networking applications. There are web interface login password leaks in Netgear's various devices. When password recovery is disabled, an attacker who can access the internal network or remotely manage the router interface can exploit the vulnerability to obtain the management interface login password.

Trust: 0.6

sources: CNVD: CNVD-2016-04399

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-04399

AFFECTED PRODUCTS

vendor:netgearmodel:r8500 v1.0.2.58 1.0.58scope: - version: -

Trust: 0.6

vendor:netgearmodel:r8000 v1.0.3.4 1.1.2scope: - version: -

Trust: 0.6

vendor:netgearmodel:r7900 v1.0.1.4 10.0.12scope: - version: -

Trust: 0.6

vendor:netgearmodel:r7300 v1.0.0.36 1.0.8scope: - version: -

Trust: 0.6

vendor:netgearmodel:r7000 v1.0.5.62 1.1.87scope: - version: -

Trust: 0.6

vendor:netgearmodel:r6900 v1.0.0.4 1.0.10scope: - version: -

Trust: 0.6

vendor:netgearmodel:r6700 v1.0.0.26 10.0.26scope: - version: -

Trust: 0.6

vendor:netgearmodel:r6400 v1.0.1.6 1.0.4scope: - version: -

Trust: 0.6

vendor:netgearmodel:r6300v2 v1.0.4.2 10.0.74scope: - version: -

Trust: 0.6

vendor:netgearmodel:ac1450 v1.0.0.34 10.0.16scope: - version: -

Trust: 0.6

vendor:netgearmodel:r6300 v1.0.2.78 1.0.58scope: - version: -

Trust: 0.6

vendor:netgearmodel:r6250 v1.0.4.2 10.1.10scope: - version: -

Trust: 0.6

vendor:netgearmodel:r6200v2 v1.0.3.8 10.1.6scope: - version: -

Trust: 0.6

vendor:netgearmodel:r6200 v1.0.1.56 1.0.43scope: - version: -

Trust: 0.6

vendor:netgearmodel:wndr4500v2 v1.0.0.60 1.0.38scope: - version: -

Trust: 0.6

vendor:netgearmodel:wndr4500 v1.0.1.44 1.0.73scope: - version: -

Trust: 0.6

vendor:netgearmodel:wndr4000 v1.0.2.4 9.1.86scope: - version: -

Trust: 0.6

vendor:netgearmodel:wndr3700v3 v1.0.0.40 1.0.32scope: - version: -

Trust: 0.6

vendor:netgearmodel:wndr3400v3 v1.0.1.4 1.0.52scope: - version: -

Trust: 0.6

vendor:netgearmodel:wndr3400v2 v1.0.0.48 1.0.75scope: - version: -

Trust: 0.6

vendor:netgearmodel:wnr3500lv2 v1.2.0.34 40.0.75scope: - version: -

Trust: 0.6

vendor:netgearmodel:wnr1000v3 v1.0.2.68 60.0.93scope: - version: -

Trust: 0.6

vendor:netgearmodel:c6300scope:eqversion:v2.01.14

Trust: 0.6

vendor:netgearmodel:d6300scope:eqversion:v1.0.0.96

Trust: 0.6

vendor:netgearmodel:d6300bscope:eqversion:v1.0.0.40

Trust: 0.6

vendor:netgearmodel:d6400scope:eqversion:v1.0.0.44

Trust: 0.6

vendor:netgearmodel:d6220scope:eqversion:v1.0.0.12

Trust: 0.6

vendor:netgearmodel:dgn2200v4scope:eqversion:v1.0.0.66

Trust: 0.6

vendor:netgearmodel:dgn2200bv4scope:eqversion:v1.0.0.68

Trust: 0.6

vendor:netgearmodel:vegn2610scope:eqversion:v1.0.0.36

Trust: 0.6

vendor:netgearmodel: - scope:eqversion:v6510v1.0.0.20

Trust: 0.6

sources: CNVD: CNVD-2016-04399

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-04399
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-04399
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2016-04399

EXTERNAL IDS

db:CNVDid:CNVD-2016-04399

Trust: 0.6

sources: CNVD: CNVD-2016-04399

REFERENCES

url:http://kb.netgear.com/app/answers/detail/a_id/30632/~/web-gui-password-recovery-and-exposure-security-vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-04399

SOURCES

db:CNVDid:CNVD-2016-04399

LAST UPDATE DATE

2022-05-04T09:39:47.379000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-04399date:2016-07-01T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-04399date:2016-06-30T00:00:00