Details of VAR-201402-0449

ID

VAR-201402-0449

TITLE

NetGear N300 DGN2200 Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 65530 // CNNVD: CNNVD-201402-251

DESCRIPTION

NetGear N300 DGN2200 is a wireless ADSL2 + Modem router product from NetGear. The following security vulnerabilities exist in NetGear N300 DGN2200 running firmware version 1.0.0.36-7.0.37: 1. Local information disclosure vulnerability 2. Cross-site request forgery vulnerability 3. Arbitrary file access vulnerability 4. Remote command execution vulnerability 5. Unauthorized access Vulnerability 6. Security Bypass Vulnerability. Attackers can use these vulnerabilities to bypass security restrictions, obtain sensitive information, perform unauthorized operations in the context of the logged-in user, gain access, or execute arbitrary commands in the context of the affected application. An unauthorized-access weakness 6

Trust: 1.35

sources: CNVD: CNVD-2014-01022 // CNNVD: CNNVD-201402-251 // BID: 65530

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01022

AFFECTED PRODUCTS

vendor:

netgear

model:

n300 dgn2200

scope:

version:

1.0.0.36-7.0.37

Trust: 0.9

sources: CNVD: CNVD-2014-01022 // BID: 65530

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-01022
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2014-01022
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-01022

THREAT TYPE

remote ※ local

Trust: 0.6

sources: CNNVD: CNNVD-201402-251

TYPE

Unknown

Trust: 0.3

sources: BID: 65530

EXTERNAL IDS

db:	BID	id:	65530	Trust: 1.5
db:	CNVD	id:	CNVD-2014-01022	Trust: 0.6
db:	CNNVD	id:	CNNVD-201402-251	Trust: 0.6

sources: CNVD: CNVD-2014-01022 // BID: 65530 // CNNVD: CNNVD-201402-251

REFERENCES

url:	http://www.securityfocus.com/bid/65530	Trust: 1.2
url:	http://www.netgear.com/home/products/networking/dsl-modems-routers/dgn2200.aspx	Trust: 0.3

sources: CNVD: CNVD-2014-01022 // BID: 65530 // CNNVD: CNNVD-201402-251

CREDITS

Andrew Horton from BAE Systems Applied Intelligence

Trust: 0.9

sources: BID: 65530 // CNNVD: CNNVD-201402-251

SOURCES

db:	CNVD	id:	CNVD-2014-01022
db:	BID	id:	65530
db:	CNNVD	id:	CNNVD-201402-251

LAST UPDATE DATE

2022-05-17T01:41:21.604000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01022	date:	2014-02-18T00:00:00
db:	BID	id:	65530	date:	2014-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201402-251	date:	2014-03-03T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-01022	date:	2014-02-18T00:00:00
db:	BID	id:	65530	date:	2014-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201402-251	date:	2014-02-12T00:00:00