PT-2011-3285 · NetGear · Netgear Prosafe Wnap210

Trevor Seward

Published

2011-04-10

Updated

2017-08-17

CVE-2011-1674

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions NetGear ProSafe WNAP210 version 2.0.12

Description The issue allows remote attackers to bypass authentication and obtain access to the configuration page. This can be achieved by visiting the "recreate.php" endpoint and then accessing the "index.php" endpoint.

Recommendations For NetGear ProSafe WNAP210 version 2.0.12, consider restricting access to the "recreate.php" and "index.php" endpoints until a patch is available. As a temporary workaround, limit the exposure of the device to the internet and only allow trusted sources to access the configuration page.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2011-1674

Affected Products

Netgear Prosafe Wnap210

PT-2011-3285 · NetGear · Netgear Prosafe Wnap210

CVE-2011-1674

Weakness Enumeration

Related Identifiers

Affected Products

References · 5