ID
VAR-201911-1483
CVE
CVE-2013-3072
TITLE
NETGEAR Centria WNDR4700 Firmware authentication vulnerability
Trust: 0.8
DESCRIPTION
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. NETGEAR Centria WNDR4700 There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The NetgearWNDR4700 is a wireless router device. The NetgearWNDR4700 has an unidentified vulnerability that allows unauthenticated attackers to exploit the vulnerability to connect any hardware to the device. No detailed vulnerability details are currently available. Netgear WNDR4700 routers are prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. NetGear WNDR4700 routers running firmware 1.0.0.34 are vulnerable
Trust: 2.43
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | netgear | model: | wndr4700 | scope: | eq | version: | 1.0.0.34 | Trust: 1.9 |
| vendor: | net gear | model: | wndr4700 | scope: | eq | version: | 1.0.0.34 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-287 | Trust: 1.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
authorization issue
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | WNDR4700 Firmware Version 1.0.0.52 | url: | https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-3072 | Trust: 3.3 |
| db: | BID | id: | 59304 | Trust: 0.9 |
| db: | JVNDB | id: | JVNDB-2013-006941 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2013-04046 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201304-497 | Trust: 0.6 |
REFERENCES
| url: | https://www.ise.io/casestudies/exploiting-soho-routers/ | Trust: 2.4 |
| url: | https://kb.netgear.com/23728/wndr4700-firmware-version-1-0-0-52 | Trust: 1.6 |
| url: | https://www.ise.io/soho_service_hacks/ | Trust: 1.6 |
| url: | https://www.ise.io/research/studies-and-papers/netgear_wndr4700/ | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2013-3072 | Trust: 1.4 |
| url: | http://securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp | Trust: 0.9 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3072 | Trust: 0.8 |
| url: | http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/ | Trust: 0.6 |
| url: | http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp | Trust: 0.6 |
| url: | http://www.netgear.com/wndr4700# | Trust: 0.3 |
CREDITS
Jacob Holcomb
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2013-04046 |
| db: | BID | id: | 59304 |
| db: | JVNDB | id: | JVNDB-2013-006941 |
| db: | CNNVD | id: | CNNVD-201304-497 |
| db: | NVD | id: | CVE-2013-3072 |
LAST UPDATE DATE
2024-08-14T15:02:04.318000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-04046 | date: | 2013-04-24T00:00:00 |
| db: | BID | id: | 59304 | date: | 2013-04-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-006941 | date: | 2019-11-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201304-497 | date: | 2019-11-21T00:00:00 |
| db: | NVD | id: | CVE-2013-3072 | date: | 2019-11-20T18:10:14.950 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-04046 | date: | 2013-04-24T00:00:00 |
| db: | BID | id: | 59304 | date: | 2013-04-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-006941 | date: | 2019-11-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201304-497 | date: | 2013-04-24T00:00:00 |
| db: | NVD | id: | CVE-2013-3072 | date: | 2019-11-14T19:15:11.613 |