CVE-2016-11059
https://notcve.org/view.php?id=CVE-2016-11059
Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06. Determinados dispositivos de NETGEAR están afectados por una exposición de contraseñas. Esto afecta a AC1450 hasta el 06-01-2017, C6300 hasta el 06-01-2017, D500 hasta el 06-01-2017, D1500 hasta el 06-01-2017, D3600 hasta el 06-01-2017, D6000 hasta el 06-01-2017, D6100 hasta el 06-01-2017, D6200 hasta el 06-01-2017, D6200B hasta el 06-01-2017, D6300B hasta el 06-01-2017, D6300 hasta el 06-01-2017, DGN1000v3 hasta el 06-01-2017, DGN2200v1 hasta el 06-01-2017, DGN2200v3 hasta el 06-01-2017, DGN2200V4 hasta el 06-01-2017, DGN2200Bv3 hasta el 06-01-2017, DGN2200Bv4 hasta el 06-01-2017, DGND3700v1 hasta el 06-01-2017, DGND3700v2 hasta el 06-01-2017, DGND3700Bv2 hasta el 06-01-2017, JNR1010v1 hasta el 06-01-2017, JNR1010v2 hasta el 06-01-2017, JNR3300 hasta el 06-01-2017, JR6100 hasta el 06-01-2017, JR6150 hasta el 06-01-2017, JWNR2000v5 hasta el 06-01-2017, R2000 hasta el 06-01-2017, R6050 hasta el 06-01-2017, R6100 hasta el 06-01-2017, R6200 hasta el 06-01-2017, R6200v2 hasta el 06-01-2017, R6220 hasta el 06-01-2017, R6250 hasta el 06-01-2017, R6300 hasta el 06-01-2017, R6300v2 hasta el 06-01-2017, R6700 hasta el 06-01-2017, R7000 hasta el 06-01-2017, R7900 hasta el 06-01-2017, R7500 hasta el 06-01-2017, R8000 hasta el 06-01-2017, WGR614v10 hasta el 06-01-2017, WNR1000v2 hasta el 06-01-2017, WNR1000v3 hasta el 06-01-2017, WNR1000v4 hasta el 06-01-2017, WNR2000v3 hasta el 06-01-2017, WNR2000v4 hasta el 06-01-2017, WNR2000v5 hasta el 06-01-2017, WNR2200 hasta el 06-01-2017, WNR2500 hasta el 06-01-2017, WNR3500Lv2 hasta el 06-01-2017, WNDR3400v2 hasta el 06-01-2017, WNDR3400v3 hasta el 06-01-2017, WNDR3700v3 hasta el 06-01-2017, WNDR3700v4 hasta el 06-01-2017, WNDR3700v5 hasta el 06-01-2017, WNDR4300 hasta el 06-01-2017, WNDR4300v2 hasta el 06-01-2017, WNDR4500v1 hasta el 06-01-2017, WNDR4500v2 hasta el 06-01-2017, and WNDR4500v3 hasta el 06-01-2017. • https://kb.netgear.com/27253/NETGEAR-Product-Vulnerability-Advisory-Authentication-Bypass-and-Information-Disclosure-on-Home-Routers • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-18703
https://notcve.org/view.php?id=CVE-2017-18703
Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46. Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo CSRF. Esto afecta a D1500 versiones anteriores a 1.0.0.25, D500 versiones anteriores a 1.0.0.25, D6100 versiones anteriores a 1.0.0.55, D7000 versiones anteriores a 1.0.1.50, D7800 versiones anteriores a 1.0.1.28, EX6100v2 versiones anteriores a 1.0.1.60, EX6150v2 versiones anteriores a 1.0.1.60, JNR1010v2 versiones anteriores a 1.1.0.46, JR6150 versiones anteriores a 1.0.1.16, JWNR2010v5 versiones anteriores a 1.1.0.46, PR2000 versiones anteriores a 1.0.0.18, R6020 versiones anteriores a 1.0.0.26, R6050 versiones anteriores a 1.0.1.16, R6080 versiones anteriores a 1.0.0.26, R6100 versiones anteriores a 1.0.1.20, R6220 versiones anteriores a 1.1.0.60, R7500 versiones anteriores a 1.0.0.118, R7500v2 versiones anteriores a 1.0.3.20, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.2.52, WN3000RPv3 versiones anteriores a 1.0.2.50, WN3100RPv2 versiones anteriores a 1.0.0.40, WNDR3700v5 versiones anteriores a 1.1.0.48, WNDR4300v2 versiones anteriores a 1.0.0.48, WNDR4500v3 versiones anteriores a 1.0. 0.48, WNR1000v4 versiones anteriores a 1.1.0.46, WNR2000v5 versiones anteriores a 1.0.0.62, WNR2020 versiones anteriores a 1.1.0.46 y WNR2050 versiones anteriores a 1.1.0.46. • https://kb.netgear.com/000053199/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0736 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-5521 – NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability
https://notcve.org/view.php?id=CVE-2017-5521
An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi? • https://www.exploit-db.com/exploits/41205 http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability http://www.securityfocus.com/bid/95457 •