Details of VAR-200906-0229

ID

VAR-200906-0229

CVE

CVE-2009-2257

TITLE

Netgear DG632 Management running on top Web Vulnerabilities that bypass authentication in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2009-004772

DESCRIPTION

The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. NetGear DG632 router is prone to multiple remote vulnerabilities. Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: tom@tomneaves.co.uk < tom@tomneaves.co.uk > Original URL: http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The Netgear DG632 router has a web interface which runs on port 80. This allows an admin to login and administer the device's settings. Authentication of this web interface is handled by a script called "webcm" residing in "/cgi-bin/" which redirects to the relevant pages depending on successful user authentication. Vulnerabilities in this interface enable an attacker to access files and data without authentication. II. DETAILS The "webcm" script handles user authentication and attempts to load "indextop.htm" (via javascript below). The "indextop.htm" page requires authentication (HTTP Basic Authorization). --- <script..

Trust: 1.98

sources: NVD: CVE-2009-2257 // JVNDB: JVNDB-2009-004772 // BID: 35376 // VULHUB: VHN-39703

AFFECTED PRODUCTS

vendor:	netgear	model:	dg632	scope:	eq	version:	3.4.0_ap	Trust: 1.6
vendor:	net gear	model:	dg632	scope:	eq	version:	3.4.0_ap	Trust: 0.8
vendor:	netgear	model:	dg632 3.4.0 ap	scope:	-	version:	-	Trust: 0.3
vendor:	netgear	model:	dg632	scope:	eq	version:	0	Trust: 0.3

sources: BID: 35376 // JVNDB: JVNDB-2009-004772 // CNNVD: CNNVD-200906-454 // NVD: CVE-2009-2257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-2257
value:	HIGH
Trust: 1.0
NVD:	CVE-2009-2257
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200906-454
value:	HIGH
Trust: 0.6
VULHUB:	VHN-39703
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-2257
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-39703
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-39703 // JVNDB: JVNDB-2009-004772 // CNNVD: CNNVD-200906-454 // NVD: CVE-2009-2257

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-39703 // JVNDB: JVNDB-2009-004772 // NVD: CVE-2009-2257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200906-454

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200906-454

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-004772

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-39703

PATCH

title:

Top Page

url:

http://www.netgear.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-004772

EXTERNAL IDS

db:	NVD	id:	CVE-2009-2257	Trust: 2.8
db:	EXPLOIT-DB	id:	8963	Trust: 1.7
db:	SECTRACK	id:	1022404	Trust: 1.7
db:	JVNDB	id:	JVNDB-2009-004772	Trust: 0.8
db:	MILW0RM	id:	8963	Trust: 0.6
db:	BUGTRAQ	id:	20090615 NETGEAR DG632 ROUTER AUTHENTICATION BYPASS VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-200906-454	Trust: 0.6
db:	BID	id:	35376	Trust: 0.3
db:	SEEBUG	id:	SSVID-11625	Trust: 0.1
db:	VULHUB	id:	VHN-39703	Trust: 0.1

sources: VULHUB: VHN-39703 // BID: 35376 // JVNDB: JVNDB-2009-004772 // CNNVD: CNNVD-200906-454 // NVD: CVE-2009-2257

REFERENCES

url:	http://www.tomneaves.co.uk/netgear_dg632_authentication_bypass.txt	Trust: 2.0
url:	http://securitytracker.com/id?1022404	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/504312/100/0/threaded	Trust: 1.1
url:	http://www.exploit-db.com/exploits/8963	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2257	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2257	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/504312/100/0/threaded	Trust: 0.6
url:	http://www.milw0rm.com/exploits/8963	Trust: 0.6
url:	http://www.netgear.com/	Trust: 0.3
url:	http://www.tomneaves.co.uk/netgear_dg632_remote_dos.txt	Trust: 0.3
url:	/archive/1/504312	Trust: 0.3
url:	/archive/1/504313	Trust: 0.3
url:	/archive/1/504341	Trust: 0.3
url:	/archive/1/504345	Trust: 0.3

sources: VULHUB: VHN-39703 // BID: 35376 // JVNDB: JVNDB-2009-004772 // CNNVD: CNNVD-200906-454 // NVD: CVE-2009-2257

CREDITS

Tom Neaves

Trust: 0.9

sources: BID: 35376 // CNNVD: CNNVD-200906-454

SOURCES

db:	VULHUB	id:	VHN-39703
db:	BID	id:	35376
db:	JVNDB	id:	JVNDB-2009-004772
db:	CNNVD	id:	CNNVD-200906-454
db:	NVD	id:	CVE-2009-2257

LAST UPDATE DATE

2025-04-10T22:56:34.102000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-39703	date:	2018-10-10T00:00:00
db:	BID	id:	35376	date:	2009-07-09T20:36:00
db:	JVNDB	id:	JVNDB-2009-004772	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200906-454	date:	2009-06-30T00:00:00
db:	NVD	id:	CVE-2009-2257	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-39703	date:	2009-06-30T00:00:00
db:	BID	id:	35376	date:	2009-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2009-004772	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200906-454	date:	2009-06-30T00:00:00
db:	NVD	id:	CVE-2009-2257	date:	2009-06-30T10:30:21.780