ID

VAR-201204-0035


CVE

CVE-2012-2439


TITLE

NetGear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N Router Security Bypass Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2012-1722 // BID: 52853 // CNNVD: CNNVD-201210-486

DESCRIPTION

The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors. The NETGEAR FVS318N has an issue where remote administration is enabled by default. An attacker can bypass the restrictions and access the device management web interface. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. The ProSafe FVS318N is prone to a remote security vulnerability.

Trust: 3.51

sources: NVD: CVE-2012-2439 // CERT/CC: VU#928795 // JVNDB: JVNDB-2012-001989 // CNVD: CNVD-2012-1722 // BID: 52853 // BID: 78198 // VULHUB: VHN-55720

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-1722

AFFECTED PRODUCTS

vendor: netgear, model: prosafe fvs318n, scope: eq, version: -

Trust: 1.9

vendor: netgear, model: prosafe wireless-n 8-port gigabit vpn firewall fvs318n, scope: -, version: -

Trust: 0.9

vendor: net gear, model: fvs318n, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2012-1722 // BID: 52853 // BID: 78198 // JVNDB: JVNDB-2012-001989 // CNNVD: CNNVD-201204-540 // NVD: CVE-2012-2439

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2439
value: HIGH

Trust: 1.0

NVD: CVE-2012-2439
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201204-540
value: HIGH

Trust: 0.6

VULHUB: VHN-55720
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-2439
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-55720
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-55720 // JVNDB: JVNDB-2012-001989 // CNNVD: CNNVD-201204-540 // NVD: CVE-2012-2439

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-55720 // JVNDB: JVNDB-2012-001989 // NVD: CVE-2012-2439

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201210-486 // CNNVD: CNNVD-201204-540

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201204-540

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001989

PATCH

title: FVS318N, url: http://www.netgear.com/business/products/security/wireless-VPN-firewalls/FVS318N.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2012-001989

EXTERNAL IDS

db: CERT/CC, id: VU#928795

Trust: 4.5

db: NVD, id: CVE-2012-2439

Trust: 2.8

db: BID, id: 52853

Trust: 1.5

db: JVNDB, id: JVNDB-2012-001989

Trust: 0.8

db: CNNVD, id: CNNVD-201204-540

Trust: 0.7

db: CNVD, id: CNVD-2012-1722

Trust: 0.6

db: CNNVD, id: CNNVD-201210-486

Trust: 0.6

db: BID, id: 78198

Trust: 0.4

db: VULHUB, id: VHN-55720

Trust: 0.1

sources: CERT/CC: VU#928795 // CNVD: CNVD-2012-1722 // VULHUB: VHN-55720 // BID: 52853 // BID: 78198 // JVNDB: JVNDB-2012-001989 // CNNVD: CNNVD-201210-486 // CNNVD: CNNVD-201204-540 // NVD: CVE-2012-2439

REFERENCES

url:http://www.kb.cert.org/vuls/id/928795

Trust: 3.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2439

Trust: 0.8

url:http://jvn.jp/cert/jvnvu928795

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2439

Trust: 0.8

url:http://www.securityfocus.com/bid/52853

Trust: 0.6

url:http://www.netgear.com/business/products/security/wireless-vpn-firewalls/fvs318n.aspx

Trust: 0.3

sources: CERT/CC: VU#928795 // CNVD: CNVD-2012-1722 // VULHUB: VHN-55720 // BID: 52853 // BID: 78198 // JVNDB: JVNDB-2012-001989 // CNNVD: CNNVD-201210-486 // CNNVD: CNNVD-201204-540 // NVD: CVE-2012-2439

CREDITS

David Barker of Electrosonics, Inc

Trust: 0.9

sources: BID: 52853 // CNNVD: CNNVD-201210-486

SOURCES

db: CERT/CC, id: VU#928795
db: CNVD, id: CNVD-2012-1722
db: VULHUB, id: VHN-55720
db: BID, id: 52853
db: BID, id: 78198
db: JVNDB, id: JVNDB-2012-001989
db: CNNVD, id: CNNVD-201210-486
db: CNNVD, id: CNNVD-201204-540
db: NVD, id: CVE-2012-2439

LAST UPDATE DATE

2025-04-11T23:20:41.628000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#928795, date: 2013-04-03T00:00:00
db: CNVD, id: CNVD-2012-1722, date: 2012-04-06T00:00:00
db: VULHUB, id: VHN-55720, date: 2012-09-21T00:00:00
db: BID, id: 52853, date: 2012-04-02T00:00:00
db: BID, id: 78198, date: 2012-04-27T00:00:00
db: JVNDB, id: JVNDB-2012-001989, date: 2012-05-01T00:00:00
db: CNNVD, id: CNNVD-201210-486, date: 2012-10-22T00:00:00
db: CNNVD, id: CNNVD-201204-540, date: 2012-04-28T00:00:00
db: NVD, id: CVE-2012-2439, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CERT/CC, id: VU#928795, date: 2012-04-02T00:00:00
db: CNVD, id: CNVD-2012-1722, date: 2012-04-06T00:00:00
db: VULHUB, id: VHN-55720, date: 2012-04-28T00:00:00
db: BID, id: 52853, date: 2012-04-02T00:00:00
db: BID, id: 78198, date: 2012-04-27T00:00:00
db: JVNDB, id: JVNDB-2012-001989, date: 2012-04-05T00:00:00
db: CNNVD, id: CNNVD-201210-486, date: 2012-04-02T00:00:00
db: CNNVD, id: CNNVD-201204-540, date: 2012-04-28T00:00:00
db: NVD, id: CVE-2012-2439, date: 2012-04-28T00:55:01.267