9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface.
Affected (2)
Products: Netgear: Dgn2200 Firmware, Dgnd3700 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0.0.50_7.0.50 |
| Running on/with | Platform Versions |
|---|---|
Netgear Dgn2200 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0.0.17_1.0.17 |
| Running on/with | Platform Versions |
|---|---|
Netgear Dgnd3700 | All versions |
Related CWEs
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
References (4)
Source: cret@cert.org
ExploitThird Party AdvisoryVDB Entry
Source: cret@cert.org
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Timeline
No history available yet.