Details of VAR-201405-0629

ID

VAR-201405-0629

TITLE

NETGEAR DGN2200 ADSL Router Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2014-02891 // CNNVD: CNNVD-201405-069

DESCRIPTION

The NETGEAR DGN2200 has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. NETGEAR DGN2200 is a wireless router product from NETGEAR. The NETGEAR DGN2200 router has a cross-site request forgery vulnerability. A remote attacker could use this vulnerability to perform unauthorized operations. There are vulnerabilities in the NETGEAR DGN2200 router running firmware 1.0.0.29_1.7.29, other versions may also be affected. This may lead to further attacks

Trust: 1.35

sources: CNVD: CNVD-2014-02891 // CNNVD: CNNVD-201405-069 // BID: 67201

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-02891

AFFECTED PRODUCTS

vendor:

netgear

model:

dgn2200 1.0.0.29 1.7.29

scope:

version:

Trust: 0.9

sources: CNVD: CNVD-2014-02891 // BID: 67201

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-02891
value:	LOW
Trust: 0.6

CNVD:	CNVD-2014-02891
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-02891

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-069

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201405-069

EXTERNAL IDS

db:	BID	id:	67201	Trust: 1.5
db:	OSVDB	id:	106643	Trust: 0.6
db:	CNVD	id:	CNVD-2014-02891	Trust: 0.6
db:	CNNVD	id:	CNNVD-201405-069	Trust: 0.6

sources: CNVD: CNVD-2014-02891 // BID: 67201 // CNNVD: CNNVD-201405-069

REFERENCES

url:	http://www.bugsearch.net/en/15296/netgear-dgn2200-100291729hots-csrf-vulnerability.html	Trust: 0.6
url:	http://osvdb.com/show/osvdb/106643	Trust: 0.6
url:	http://www.securityfocus.com/bid/67201	Trust: 0.6
url:	http://www.netgear.com	Trust: 0.3

sources: CNVD: CNVD-2014-02891 // BID: 67201 // CNNVD: CNNVD-201405-069

CREDITS

Dolev Farhi

Trust: 0.9

sources: BID: 67201 // CNNVD: CNNVD-201405-069

SOURCES

db:	CNVD	id:	CNVD-2014-02891
db:	BID	id:	67201
db:	CNNVD	id:	CNNVD-201405-069

LAST UPDATE DATE

2022-05-17T02:02:30.037000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02891	date:	2014-05-09T00:00:00
db:	BID	id:	67201	date:	2014-05-03T00:00:00
db:	CNNVD	id:	CNNVD-201405-069	date:	2014-05-07T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-02891	date:	2014-05-09T00:00:00
db:	BID	id:	67201	date:	2014-05-03T00:00:00
db:	CNNVD	id:	CNNVD-201405-069	date:	2014-05-07T00:00:00