PT-2019-6904 · NetGear · Netgear Centria Wndr4700

Jacob Holcomb · Published 2019-11-14 · Updated 2019-11-20 · CVE-2013-3072

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

NETGEAR Centria WNDR4700 Firmware version 1.0.0.34

Description

An Authentication Bypass issue exists, allowing any user to access the web administration portal without a password by visiting a specific URL. The affected URL is http:///apply.cgi?/hdd usr setup.htm.

Recommendations

For NETGEAR Centria WNDR4700 Firmware version 1.0.0.34, as a temporary workaround, consider restricting access to the apply.cgi endpoint until a patch is available. Avoid using the /hdd usr setup.htm page in the affected API endpoint until the issue is resolved.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2013-3072

Affected Products

Netgear Centria Wndr4700