Details of VAR-201402-0571

ID

VAR-201402-0571

TITLE

NETGEAR D6300B special message remote root telnet access vulnerability

Trust: 0.6

sources: CNVD: CNVD-2014-00714

DESCRIPTION

The NETGEAR D6300B is a smart router device. The NETGEAR D6300B has a vulnerability in handling specially crafted messages that combine the 'Gearguy' username with the 'Geardog' password, allowing remote attackers to exploit the vulnerability without requiring authentication to gain root access to the device.

Trust: 0.6

sources: CNVD: CNVD-2014-00714

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00714

AFFECTED PRODUCTS

vendor:

netgear

model:

d6300b 1.0.0.14 1.0.14

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2014-00714

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-00714
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2014-00714
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-00714

EXTERNAL IDS

db:

CNVD

id:

CNVD-2014-00714

Trust: 0.6

sources: CNVD: CNVD-2014-00714

REFERENCES

url:

http://seclists.org/bugtraq/2014/feb/5

Trust: 0.6

sources: CNVD: CNVD-2014-00714

SOURCES

db:

CNVD

id:

CNVD-2014-00714

LAST UPDATE DATE

2022-05-04T09:30:19.013000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2014-00714

date:

2014-02-12T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2014-00714

date:

2014-02-13T00:00:00