Vulnerability CVE-2013-4775


Published: 2013-12-18   Modified: 2013-12-19

Description:
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Netgear ProSafe Disclosure / Denial Of Service
Juan J. Guelfo
22.08.2013
Med.
Netgear ProSafe Information Disclosure Vulnerability Exploit
Juan J. Guelfo
22.08.2013

Type:

CWE-200

(Information Exposure)

Vendor: Netgear
Product: Prosafe gs748t 
Version: v4;
Product: Prosafe gs724t 
Version: v3;
Product: Prosafe s716t 
Version: v2;
Product: Prosafe firmware 
Version:
6.1.0.12
5.4.1.14
5.4.1.13
5.4.1.10
5.4.0.6
5.3.0.17
5.0.4.4
Product: Prosafe gs728txs 
Product: Prosafe gs510tp 
Product: Prosafe gs752tps 
Product: Prosafe gs725ts 
Product: Prosafe gs728ts 
Product: Prosafe gs752txs 
Product: Prosafe gs728tps 

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None

 References:
http://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2013.pdf

Related CVE
CVE-2019-17049
NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.
CVE-2019-5055
An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMes...
CVE-2019-5054
An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authenti...
CVE-2016-10864
NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID.
CVE-2019-5017
An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenti...
CVE-2019-5016
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially c...
CVE-2016-5649
A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When proces...
CVE-2016-5638
There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can a...

Copyright 2019, cxsecurity.com

 

Back to Top