Sign-up

ID

VAR-201405-0649


TITLE

NETGEAR DGN1000 undocumented scfgmgr service vulnerability

Trust: 0.6

sources: CNVD: CNVD-2014-02729

DESCRIPTION

The NETGEAR DGN1000 is a wireless router device. The NETGEAR DGN1000 has a design problem with the scfgmgr service when processing inbound requests, allowing attackers to submit specially crafted requests and perform various operations such as getting configuration files and executing arbitrary shell commands.

Trust: 0.6

sources: CNVD: CNVD-2014-02729

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02729

AFFECTED PRODUCTS

vendor:netgearmodel:dgn1000bscope:eqversion:1.1.0.55

Trust: 0.6

vendor:netgearmodel:dgn1000bscope:eqversion:1.1.00.49

Trust: 0.6

sources: CNVD: CNVD-2014-02729

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-02729
value: HIGH

Trust: 0.6

CNVD: CNVD-2014-02729
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-02729

EXTERNAL IDS

db:OSVDBid:106324

Trust: 0.6

db:EXPLOIT-DBid:32938

Trust: 0.6

db:CNVDid:CNVD-2014-02729

Trust: 0.6

sources: CNVD: CNVD-2014-02729

REFERENCES

url:http://www.exploit-db.com/exploits/32938/

Trust: 0.6

url:http://www.synacktiv.com/ressources/tcp32764_backdoor_again.pdf

Trust: 0.6

url:http://osvdb.com/show/osvdb/106324

Trust: 0.6

sources: CNVD: CNVD-2014-02729

SOURCES

db:CNVDid:CNVD-2014-02729

LAST UPDATE DATE

2022-05-17T01:36:52.981000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-02729date:2014-05-04T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-02729date:2014-05-04T00:00:00