ID

VAR-201306-0467


TITLE

NetGear DGN1000 'currentsetting.htm' Security Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-06821

DESCRIPTION

The NetGear DGN1000 is a wireless DSL router. It has a security bypass vulnerability: when the "currentsetting.htm" GET parameter is set, the device does not properly restrict access to the setup.cgi script, allowing an attacker to perform unauthorized operations, such as executing arbitrary OS commands.

Trust: 0.6

sources: CNVD: CNVD-2013-06821

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-06821

AFFECTED PRODUCTS

vendor: netgear
model: dgn1000b
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2013-06821

CVSS

SEVERITY

CNVD: CNVD-2013-06821
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2013-06821
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

-

sources: CNVD: CNVD-2013-06821

PATCH

title: NetGear DGN1000 'currentsetting.htm' security bypass vulnerability patch
url: https://www.cnvd.org.cn/patchinfo/show/34514

Trust: 0.6

sources: CNVD: CNVD-2013-06821

EXTERNAL IDS

db: SECUNIA
id: 53652

Trust: 0.6

db: CNVD
id: CNVD-2013-06821

Trust: 0.6

sources: CNVD: CNVD-2013-06821

REFERENCES

url: http://www.secunia.com/advisories/53652/

Trust: 0.6

url: http://archives.neohapsis.com/archives/bugtraq/current/0009.html

Trust: 0.6

sources: CNVD: CNVD-2013-06821

SOURCES

db: CNVD
id: CNVD-2013-06821

LAST UPDATE DATE

2022-05-17T02:03:23.463000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2013-06821
date: 2013-06-07T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2013-06821
date: 2013-06-07T00:00:00