Details of VAR-201401-0665

ID

VAR-201401-0665

TITLE

NetGear N150 WNR1000v3 Password Recovery Feature Information Disclosure Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2014-00432 // BID: 64940 // CNNVD: CNNVD-201401-438

DESCRIPTION

The Feixun FWR-604H diagnosis.asp script failed to properly filter the 'system_command' parameter data, allowing remote attackers to exploit the vulnerability to execute arbitrary commands. Feixun FWR-604H is a 150M enhanced wireless router product from China Feixun. A remote code execution vulnerability exists in Feixun FWR-604H. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device. There are vulnerabilities in Feixun FWR-604H version 1.0, other versions may also be affected. An information disclosure vulnerability exists in the firmware NetGear N150 WNR1000v3 running 1.0.2.60_60.0.86, 1.0.2.54_60.0.82NA and 1.0.2.62_60.0.87 firmware. NetGear N150 WNR1000v3 is prone to an information-disclosure vulnerability

Trust: 2.7

sources: CNVD: CNVD-2014-00432 // CNVD: CNVD-2014-00388 // CNNVD: CNNVD-201401-450 // CNNVD: CNNVD-201401-438 // BID: 64940 // BID: 64957

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2014-00432 // CNVD: CNVD-2014-00388

AFFECTED PRODUCTS

vendor:	netgear	model:	n150 wnr1000v3 v1.0.2.60 60.0.86	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	n150 wnr1000v3 v1.0.2.54 60.0.82na	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	n150 wnr1000v3 v1.0.2.62 60.0.87	scope:	-	version:	-	Trust: 0.6
vendor:	feixun	model:	fwr-604h	scope:	eq	version:	1.0	Trust: 0.6
vendor:	phicomm	model:	feixun fwr-604h build	scope:	eq	version:	1.07642	Trust: 0.3

sources: CNVD: CNVD-2014-00432 // CNVD: CNVD-2014-00388 // BID: 64957

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-00432
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2014-00388
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2014-00432
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2014-00388
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-00432 // CNVD: CNVD-2014-00388

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201401-450 // CNNVD: CNNVD-201401-438

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201401-450

PATCH

title:

NetGear N150 WNR1000v3 Password Recovery Feature Information Disclosure Vulnerability Patch

url:

https://www.cnvd.org.cn/patchinfo/show/42533

Trust: 0.6

sources: CNVD: CNVD-2014-00432

EXTERNAL IDS

db:	BID	id:	64940	Trust: 1.5
db:	BID	id:	64957	Trust: 1.5
db:	EXPLOIT-DB	id:	30900	Trust: 1.2
db:	CNVD	id:	CNVD-2014-00432	Trust: 0.6
db:	CNVD	id:	CNVD-2014-00388	Trust: 0.6
db:	CNNVD	id:	CNNVD-201401-450	Trust: 0.6
db:	CNNVD	id:	CNNVD-201401-438	Trust: 0.6

sources: CNVD: CNVD-2014-00432 // CNVD: CNVD-2014-00388 // BID: 64940 // BID: 64957 // CNNVD: CNNVD-201401-450 // CNNVD: CNNVD-201401-438

REFERENCES

url:	http://www.exploit-db.com/exploits/30900/	Trust: 1.2
url:	http://www.securityfocus.com/bid/64957	Trust: 0.6
url:	http://www.securityfocus.com/bid/64940	Trust: 0.6
url:	http://www.netgear.com	Trust: 0.3
url:	http://www.sonatype.org/advisories/archive/2014-01-13-nexus	Trust: 0.3

sources: CNVD: CNVD-2014-00432 // CNVD: CNVD-2014-00388 // BID: 64940 // BID: 64957 // CNNVD: CNNVD-201401-450 // CNNVD: CNNVD-201401-438

CREDITS

c1ph04text

Trust: 0.9

sources: BID: 64940 // CNNVD: CNNVD-201401-438

SOURCES

db:	CNVD	id:	CNVD-2014-00432
db:	CNVD	id:	CNVD-2014-00388
db:	BID	id:	64940
db:	BID	id:	64957
db:	CNNVD	id:	CNNVD-201401-450
db:	CNNVD	id:	CNNVD-201401-438

LAST UPDATE DATE

2022-05-17T01:45:23.355000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-00432	date:	2014-01-17T00:00:00
db:	CNVD	id:	CNVD-2014-00388	date:	2014-01-17T00:00:00
db:	BID	id:	64940	date:	2014-07-08T00:06:00
db:	BID	id:	64957	date:	2014-01-14T00:00:00
db:	CNNVD	id:	CNNVD-201401-450	date:	2014-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201401-438	date:	2014-01-24T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-00432	date:	2014-01-17T00:00:00
db:	CNVD	id:	CNVD-2014-00388	date:	2014-01-17T00:00:00
db:	BID	id:	64940	date:	2014-01-12T00:00:00
db:	BID	id:	64957	date:	2014-01-14T00:00:00
db:	CNNVD	id:	CNNVD-201401-450	date:	2014-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201401-438	date:	2014-01-24T00:00:00