Details of VAR-202001-0884

ID

VAR-202001-0884

CVE

CVE-2013-3071

TITLE

NetGear WNDR4700 Media Server Authentication vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-007095

DESCRIPTION

NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. NetGear WNDR4700 Media Server An authentication vulnerability exists in the device firmware.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The NetgearWNDR4700 is a wireless router device. The NetgearWNDR4700 has an unidentified security vulnerability. After an attacker accesses the BRS_03B_haveBackupFile_fileRestore.html page, the administrator can access the administrator interface without a username or password. Netgear WNDR4700 routers are prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the restricted functionality of the device

Trust: 2.43

sources: NVD: CVE-2013-3071 // JVNDB: JVNDB-2013-007095 // CNVD: CNVD-2013-04045 // BID: 59406

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-04045

AFFECTED PRODUCTS

vendor:	netgear	model:	wndr4700	scope:	eq	version:	1.0.0.34	Trust: 1.9
vendor:	ネットギア	model:	wndr4700	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wndr4700	scope:	eq	version:	1.0.0.34	Trust: 0.8

sources: CNVD: CNVD-2013-04045 // BID: 59406 // JVNDB: JVNDB-2013-007095 // NVD: CVE-2013-3071

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3071
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2013-3071
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2013-04045
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2013-3071
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-04045
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2013-3071
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2013-3071
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2013-04045 // JVNDB: JVNDB-2013-007095 // NVD: CVE-2013-3071

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Incorrect authentication (CWE-287) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2013-007095 // NVD: CVE-2013-3071

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-132

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201305-132

PATCH

title:

WNDR4700 Firmware Version 1.0.0.52

url:

https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52

Trust: 0.8

sources: JVNDB: JVNDB-2013-007095

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3071	Trust: 3.3
db:	BID	id:	59406	Trust: 2.7
db:	JVNDB	id:	JVNDB-2013-007095	Trust: 0.8
db:	CNVD	id:	CNVD-2013-04045	Trust: 0.6
db:	CNNVD	id:	CNNVD-201305-132	Trust: 0.6

sources: CNVD: CNVD-2013-04045 // BID: 59406 // JVNDB: JVNDB-2013-007095 // CNNVD: CNNVD-201305-132 // NVD: CVE-2013-3071

REFERENCES

url:	https://www.securityfocus.com/bid/59406	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2013-3071	Trust: 1.4
url:	http://securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp	Trust: 0.9
url:	http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/	Trust: 0.6
url:	http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp	Trust: 0.6
url:	http://www.netgear.com/wndr4700#	Trust: 0.3

sources: CNVD: CNVD-2013-04045 // BID: 59406 // JVNDB: JVNDB-2013-007095 // CNNVD: CNNVD-201305-132 // NVD: CVE-2013-3071

CREDITS

Jacob Holcomb

Trust: 0.9

sources: BID: 59406 // CNNVD: CNNVD-201305-132

SOURCES

db:	CNVD	id:	CNVD-2013-04045
db:	BID	id:	59406
db:	JVNDB	id:	JVNDB-2013-007095
db:	CNNVD	id:	CNNVD-201305-132
db:	NVD	id:	CVE-2013-3071

LAST UPDATE DATE

2024-08-14T14:38:39.108000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-04045	date:	2013-04-24T00:00:00
db:	BID	id:	59406	date:	2013-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-007095	date:	2020-02-13T00:00:00
db:	CNNVD	id:	CNNVD-201305-132	date:	2020-05-25T00:00:00
db:	NVD	id:	CVE-2013-3071	date:	2020-01-30T20:10:10.857

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-04045	date:	2013-04-24T00:00:00
db:	BID	id:	59406	date:	2013-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-007095	date:	2020-02-13T00:00:00
db:	CNNVD	id:	CNNVD-201305-132	date:	2013-04-17T00:00:00
db:	NVD	id:	CVE-2013-3071	date:	2020-01-28T21:15:11.437