PT-2018-4932 · NetGear · Netgear Dgnd3700+1

Published 2018-07-24 · Updated 2019-10-09 · CVE-2016-5649

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Netgear DGN2200 version DGN2200-V1.0.0.50 7.0.50
Netgear DGND3700 version DGND3700-V1.0.0.17 1.0.17

Description

A remote attacker can access the 'BSW cxttongr.htm' page without authentication. The page exposes the admin password in clear text before the request is redirected to 'absw vfysucc.cgia'. This allows the attacker to gain administrator access to the targeted router's web interface.

Recommendations

For Netgear DGN2200 version DGN2200-V1.0.0.50 7.0.50, restrict access to the 'BSW cxttongr.htm' page until a patch is available.
For Netgear DGND3700 version DGND3700-V1.0.0.17 1.0.17, restrict access to the 'BSW cxttongr.htm' page until a patch is available.

Exploit

Fix

Cleartext Transmission of Sensitive Information

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2016-5649

Affected Products

Netgear Dgn2200
Netgear Dgnd3700