ID

VAR-201912-2027


TITLE

(0Day) NETGEAR AC1200 mini_httpd Password Storage Information Disclosure Vulnerability

Trust: 0.7

sources: ZDI: ZDI-19-1011

DESCRIPTION

This vulnerability allows network-adjacent attackers to disclose sensitive information on vulnerable installations of NETGEAR AC1200 Smart WiFi Router. Authentication is required to exploit this vulnerability. The specific flaw exists within the storage of administrator credentials. The credentials are stored in a recoverable format, making them subject to password reuse attacks. An attacker can leverage this vulnerability to disclose sensitive information in the context of the administrator.

Trust: 0.7

sources: ZDI: ZDI-19-1011

AFFECTED PRODUCTS

vendor: netgear
model: ac1200
scope: -
version: -

Trust: 0.7

sources: ZDI: ZDI-19-1011

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: ZDI-19-1011
value: MEDIUM

Trust: 0.7

ZDI: ZDI-19-1011
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-19-1011

EXTERNAL IDS

db: ZDI_CAN
id: ZDI-CAN-8615

Trust: 0.7

db: ZDI
id: ZDI-19-1011

Trust: 0.7

sources: ZDI: ZDI-19-1011

CREDITS

Michael Flanders of Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-19-1011

SOURCES

db: ZDI
id: ZDI-19-1011

LAST UPDATE DATE

2022-05-17T01:36:02.747000+00:00


SOURCES UPDATE DATE

db: ZDI
id: ZDI-19-1011
date: 2019-12-12T00:00:00

SOURCES RELEASE DATE

db: ZDI
id: ZDI-19-1011
date: 2019-12-12T00:00:00