Details of VAR-201006-0505

ID

VAR-201006-0505

TITLE

NETGEAR WG602v4 Management Password Remote Stack Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-1002

DESCRIPTION

NETGEAR WG602v4 is a wireless router device. The verification process in the WEB interface of the NETGEAR WG602v4 device has a buffer overflow, and an attacker can exploit the vulnerability to stop the device from responding. The auth_authorize() function handles this process by submitting an administrator password of more than 128 characters to trigger a buffer overflow. The NETGEAR WG602v4 is prone to a remote stack-based buffer-overflow vulnerability because the device fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition

Trust: 0.81

sources: CNVD: CNVD-2010-1002 // BID: 40458

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-1002

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	wg602v4	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2010-1002 // BID: 40458

THREAT TYPE

network

Trust: 0.3

sources: BID: 40458

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 40458

EXTERNAL IDS

db:	BID	id:	40458	Trust: 0.9
db:	CNVD	id:	CNVD-2010-1002	Trust: 0.6

sources: CNVD: CNVD-2010-1002 // BID: 40458

REFERENCES

url:	http://www.icysilence.org/wp-content/uploads/is-2010-001_netgear_wg602v4_saved_pass_stack_overflow.txthttp	Trust: 0.6
url:	http://www.icysilence.org/wp-content/uploads/is-2010-001_netgear_wg602v4_saved_pass_stack_overflow.txt	Trust: 0.3
url:	http://www.icysilence.org/?p=235	Trust: 0.3
url:	http://kb.netgear.com/app/products/model/a_id/2575	Trust: 0.3
url:	/archive/1/511555	Trust: 0.3

sources: CNVD: CNVD-2010-1002 // BID: 40458

CREDITS

Cristofaro Mune

Trust: 0.3

sources: BID: 40458

SOURCES

db:	CNVD	id:	CNVD-2010-1002
db:	BID	id:	40458

LAST UPDATE DATE

2022-05-17T02:10:05.383000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-1002	date:	2010-06-28T00:00:00
db:	BID	id:	40458	date:	2010-05-31T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-1002	date:	2010-06-28T00:00:00
db:	BID	id:	40458	date:	2010-05-31T00:00:00