Web application abuses : NETGEAR WNR2000 Router Multiple Vulnerabilities

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.809775

Kategorie: Web application abuses

Titel: NETGEAR WNR2000 Router Multiple Vulnerabilities

Zusammenfassung: The host is running NETGEAR WNR2000 Router; and is prone to multiple vulnerabilities.

Beschreibung: Summary:
The host is running NETGEAR WNR2000 Router
and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- The device leaks its serial number while requesting for
'BRS_netgear_success.html'.

- Improper access control while sending request to 'apply_noauth.cgi'.

- Timestamps used in application can be easily calculated and generated outside.

- Improper handling of access to *.cgi files by HTTP server in the device (uhttpd).

Vulnerability Impact:
Successful exploitation will allow remote
attackers to gain access to potentially sensitive information, reboot router,
factory reset the router, change WLAN settings, change password recovery settings,
obtain the admin password once recovery settings are changed, execute code and
conduct denial of service attack.

Affected Software/OS:
NETGEAR WNR2000 routers

Solution:
NETGEAR has released beta firmware for the affected routers, which can be obtained from the referenced vendor KB entry.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-10175
Common Vulnerability Exposure (CVE) ID: CVE-2016-10176
Common Vulnerability Exposure (CVE) ID: CVE-2016-10174

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.809775
Kategorie:	Web application abuses
Titel:	NETGEAR WNR2000 Router Multiple Vulnerabilities
Zusammenfassung:	The host is running NETGEAR WNR2000 Router; and is prone to multiple vulnerabilities.
Beschreibung:	Summary: The host is running NETGEAR WNR2000 Router and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - The device leaks its serial number while requesting for 'BRS_netgear_success.html'. - Improper access control while sending request to 'apply_noauth.cgi'. - Timestamps used in application can be easily calculated and generated outside. - Improper handling of access to *.cgi files by HTTP server in the device (uhttpd). Vulnerability Impact: Successful exploitation will allow remote attackers to gain access to potentially sensitive information, reboot router, factory reset the router, change WLAN settings, change password recovery settings, obtain the admin password once recovery settings are changed, execute code and conduct denial of service attack. Affected Software/OS: NETGEAR WNR2000 routers Solution: NETGEAR has released beta firmware for the affected routers, which can be obtained from the referenced vendor KB entry. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10175 Common Vulnerability Exposure (CVE) ID: CVE-2016-10176 Common Vulnerability Exposure (CVE) ID: CVE-2016-10174
Copyright	Copyright (C) 2016 Greenbone Networks GmbH