CVE-2014-4864 – Netgear GS105Ev2 Authentication Bypass / XSS / CSRF
https://notcve.org/view.php?id=CVE-2014-4864
The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file. The Netgear GS105Ev2 gigabit switch suffers from authentication bypass, cross-site request forgery, cross-site scripting, and various other vulnerabilities. • http://www.kb.cert.org/vuls/id/396212 • CWE-255: Credentials Management Errors
CVE-2013-4775 – Netgear ProSafe - Information Disclosure
https://notcve.org/view.php?id=CVE-2013-4775
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allow remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config. • https://www.exploit-db.com/exploits/27774 • http://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2013.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor