ID

VAR-201912-2033


TITLE

(0Day) NETGEAR AC1200 mini_httpd Cleartext Transmission of Sensitive Information Information Disclosure Vulnerability

Trust: 0.7

sources: ZDI: ZDI-19-1014

DESCRIPTION

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR AC1200 Smart WiFi Router. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of admin credentials provided to the mini_httpd endpoint. The issue results from displaying sensitive information in plaintext. An attacker can leverage this vulnerability to disclose sensitive information in the context of the administrator.

Trust: 0.7

sources: ZDI: ZDI-19-1014

AFFECTED PRODUCTS

vendor: netgear
model: ac1200
scope: -
version: -

Trust: 0.7

sources: ZDI: ZDI-19-1014

CVSS

SEVERITY

ZDI: ZDI-19-1014
value: MEDIUM

Trust: 0.7

CVSSV2

CVSSV3

ZDI: ZDI-19-1014
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-19-1014

EXTERNAL IDS

db: ZDI_CAN
id: ZDI-CAN-8671

Trust: 0.7

db: ZDI
id: ZDI-19-1014

Trust: 0.7

sources: ZDI: ZDI-19-1014

CREDITS

Michael Flanders of Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-19-1014

SOURCES

db: ZDI
id: ZDI-19-1014

LAST UPDATE DATE

2022-05-17T02:02:22.506000+00:00


SOURCES UPDATE DATE

db: ZDI
id: ZDI-19-1014
date: 2019-12-12T00:00:00

SOURCES RELEASE DATE

db: ZDI
id: ZDI-19-1014
date: 2019-12-12T00:00:00