Page 27 of 132 results (0.003 seconds)

CVSS: 8.1EPSS: 1%CPEs: 66EXPL: 1

Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L. Determinados dispositivos NETGEAR permiten a atacantes remotos deshabilitar todos los requisitos de autenticación visitando el archivo genieDisableLanChanged.cgi. El atacante puede, por ejemplo, visitar MNU_accessPassword_recovered.html para obtener una nueva contraseña de administrador válida. • https://github.com/zer0yu/CVE_Request/blob/master/netgear/netgear_cgi_unauthorized_access_vulnerability.md • CWE-287: Improper Authentication •

CVSS: 9.3EPSS: 97%CPEs: 22EXPL: 3

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. NETGEAR R6250 en versiones anteriores a 1.0.4.6.Beta, R6400 en versiones anteriores a 1.0.1.18.Beta, R6700 en versiones anteriores a 1.0.1.14.Beta, R6900, R7000 en versiones anteriores a 1.0.7.6.Beta, R7100LG en versiones anteriores a 1.0.0.28.Beta, R7300DST en versiones anteriores a 1.0.0.46.Beta, R7900 en versiones anteriores a 1.0.1.8.Beta, R8000 en versiones anteriores a 1.0.3.26.Beta, D6220, D6400, D7000 y posiblemente otros routers permiten a atacantes remotos ejecutar comandos a través de metacaractéres shell en la ruta info a cgi-bin/. Netgear R6400 suffers from a remote code execution vulnerability. NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution. • https://www.exploit-db.com/exploits/41598 https://www.exploit-db.com/exploits/40889 http://kb.netgear.com/000036386/CVE-2016-582384 http://packetstormsecurity.com/files/155712/Netgear-R6400-Remote-Code-Execution.html http://www.securityfocus.com/bid/94819 http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers https://kalypto.org/research/netgear-vulnerability-expanded https://www.kb.cert.org/vuls/id/582384 • CWE-352: Cross-Site Request Forgery (CSRF) •