ID
VAR-E-201402-0092
TITLE
NetGear N300 DGN2200 Multiple Security Vulnerabilities
Trust: 0.3
DESCRIPTION
NetGear N300 DGN2200 is prone to the following security vulnerabilities:
1. A local information-disclosure vulnerability
2. Multiple cross-site request forgery vulnerabilities
3. An arbitrary file-access vulnerability
4. Multiple remote command-execution vulnerabilities
5. An unauthorized-access weakness
6. A security-bypass weakness
Attackers can exploit these issues to bypass certain security restrictions, obtain sensitive information, perform unauthorized actions in the context of a logged-in user, gain unauthorized access, or execute arbitrary commands in the context of the affected application.
NetGear N300 DGN2200 running firmware 1.0.0.36-7.0.37 is vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | netgear | model: | n300 dgn2200 | scope: | eq | version: | 1.0.0.36-7.0.37 | Trust: 0.3 |
EXPLOIT
Attackers can exploit these issues through browser or using readily available tools. To exploit the cross-site request forgery issues, an attacker must entice an unsuspecting user into following a malicious URI.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
Andrew Horton from BAE Systems Applied Intelligence
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 65530 | Trust: 0.3 |
REFERENCES
| url: | http://www.netgear.com/home/products/networking/dsl-modems-routers/dgn2200.aspx | Trust: 0.3 |
SOURCES
| db: | BID | id: | 65530 |
LAST UPDATE DATE
2022-07-27T09:32:48.029000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 65530 | date: | 2014-02-12T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 65530 | date: | 2014-02-12T00:00:00 |