ID
VAR-201404-0699
TITLE
NETGEAR DGN2200 ADSL Router Web Interface HTML Injection vulnerability
Trust: 0.9
DESCRIPTION
NETGEAR DGN2200 is a wireless router product from NETGEAR. An HTML injection vulnerability exists in Netgear DGN2200, which originates from the fact that the user does not properly filter the input submitted by the program before generating dynamic content. An attacker could use this vulnerability to execute arbitrary code on a browser in the context of an affected site. Helps steal cookie-based authentication and launch further attacks. There are vulnerabilities in Netgear DGN2200 1.0.0.29_1.7.29. Other versions may also be affected
Trust: 0.81
AFFECTED PRODUCTS
| vendor: | netgear | model: | dgn2200 1.0.0.29 1.7.29 | scope: | - | version: | - | Trust: 0.3 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
EXTERNAL IDS
| db: | BID | id: | 67178 | Trust: 0.9 |
| db: | CNNVD | id: | CNNVD-201405-078 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/bid/67178 | Trust: 0.6 |
| url: | http://www.netgear.com | Trust: 0.3 |
CREDITS
Dolev Farhi
Trust: 0.9
SOURCES
| db: | CNNVD | id: | CNNVD-201405-078 |
| db: | BID | id: | 67178 |
LAST UPDATE DATE
2021-12-17T19:43:32.877000+00:00
SOURCES UPDATE DATE
| db: | CNNVD | id: | CNNVD-201405-078 | date: | 2014-05-08T00:00:00 |
| db: | BID | id: | 67178 | date: | 2014-04-30T00:00:00 |
SOURCES RELEASE DATE
| db: | CNNVD | id: | CNNVD-201405-078 | date: | 2014-04-30T00:00:00 |
| db: | BID | id: | 67178 | date: | 2014-04-30T00:00:00 |