Details of VAR-200906-0228

ID

VAR-200906-0228

CVE

CVE-2009-2256

TITLE

Netgear DG632 Management running on top Web Service disruption at the interface (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-004771

DESCRIPTION

The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. NetGear DG632 router is prone to multiple remote vulnerabilities. An attacker with access to the web interface of the router can exploit these issues to enumerate files and directories in the router's 'www' directory, cause denial-of-service conditions, and bypass authentication to administrative scripts

Trust: 1.98

sources: NVD: CVE-2009-2256 // JVNDB: JVNDB-2009-004771 // BID: 35376 // VULHUB: VHN-39702

AFFECTED PRODUCTS

vendor:	netgear	model:	dg632	scope:	eq	version:	3.4.0_ap	Trust: 1.6
vendor:	net gear	model:	dg632	scope:	eq	version:	3.4.0_ap	Trust: 0.8
vendor:	netgear	model:	dg632 3.4.0 ap	scope:	-	version:	-	Trust: 0.3
vendor:	netgear	model:	dg632	scope:	eq	version:	0	Trust: 0.3

sources: BID: 35376 // JVNDB: JVNDB-2009-004771 // CNNVD: CNNVD-200906-453 // NVD: CVE-2009-2256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-2256
value:	HIGH
Trust: 1.0
NVD:	CVE-2009-2256
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200906-453
value:	HIGH
Trust: 0.6
VULHUB:	VHN-39702
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-2256
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-39702
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-39702 // JVNDB: JVNDB-2009-004771 // CNNVD: CNNVD-200906-453 // NVD: CVE-2009-2256

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-39702 // JVNDB: JVNDB-2009-004771 // NVD: CVE-2009-2256

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200906-453

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200906-453

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-004771

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-39702

PATCH

title:

Top Page

url:

http://www.netgear.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-004771

EXTERNAL IDS

db:	NVD	id:	CVE-2009-2256	Trust: 2.8
db:	EXPLOIT-DB	id:	8964	Trust: 1.7
db:	SECTRACK	id:	1022403	Trust: 1.7
db:	JVNDB	id:	JVNDB-2009-004771	Trust: 0.8
db:	BUGTRAQ	id:	20090616 RE[2]: [FULL-DISCLOSURE] NETGEAR DG632 ROUTER REMOTE DOS VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20090615 RE: NETGEAR DG632 ROUTER REMOTE DOS VULNERABILITY	Trust: 0.6
db:	MILW0RM	id:	8964	Trust: 0.6
db:	CNNVD	id:	CNNVD-200906-453	Trust: 0.6
db:	BID	id:	35376	Trust: 0.3
db:	VULHUB	id:	VHN-39702	Trust: 0.1

sources: VULHUB: VHN-39702 // BID: 35376 // JVNDB: JVNDB-2009-004771 // CNNVD: CNNVD-200906-453 // NVD: CVE-2009-2256

REFERENCES

url:	http://www.tomneaves.co.uk/netgear_dg632_remote_dos.txt	Trust: 2.0
url:	http://securitytracker.com/id?1022403	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/504341/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/504345/100/0/threaded	Trust: 1.1
url:	http://www.exploit-db.com/exploits/8964	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2256	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2256	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/504345/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/504341/100/0/threaded	Trust: 0.6
url:	http://www.milw0rm.com/exploits/8964	Trust: 0.6
url:	http://www.netgear.com/	Trust: 0.3
url:	http://www.tomneaves.co.uk/netgear_dg632_authentication_bypass.txt	Trust: 0.3
url:	/archive/1/504312	Trust: 0.3
url:	/archive/1/504313	Trust: 0.3
url:	/archive/1/504341	Trust: 0.3
url:	/archive/1/504345	Trust: 0.3

sources: VULHUB: VHN-39702 // BID: 35376 // JVNDB: JVNDB-2009-004771 // CNNVD: CNNVD-200906-453 // NVD: CVE-2009-2256

CREDITS

Tom Neaves

Trust: 0.9

sources: BID: 35376 // CNNVD: CNNVD-200906-453

SOURCES

db:	VULHUB	id:	VHN-39702
db:	BID	id:	35376
db:	JVNDB	id:	JVNDB-2009-004771
db:	CNNVD	id:	CNNVD-200906-453
db:	NVD	id:	CVE-2009-2256

LAST UPDATE DATE

2025-04-10T22:56:34.164000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-39702	date:	2018-10-10T00:00:00
db:	BID	id:	35376	date:	2009-07-09T20:36:00
db:	JVNDB	id:	JVNDB-2009-004771	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200906-453	date:	2009-06-30T00:00:00
db:	NVD	id:	CVE-2009-2256	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-39702	date:	2009-06-30T00:00:00
db:	BID	id:	35376	date:	2009-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2009-004771	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200906-453	date:	2009-06-30T00:00:00
db:	NVD	id:	CVE-2009-2256	date:	2009-06-30T10:30:21.717