Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCertccCVE-2016-5649
HistoryJul 24, 2018 - 3:29 p.m.

CVE-2016-5649

2018-07-2415:29:00
CWE-200
CWE-319
certcc
web.nvd.nist.gov
50
cve-2016-5649
netgear
dgn2200
dgnd3700
vulnerability
remote attacker
authentication
admin password
clear text
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.131

Percentile

95.6%

JSON

A vulnerability is in the ‘BSW_cxttongr.htm’ page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router’s web interface.

Affected configurations

Nvd
Node
netgeardgn2200_firmwareMatch1.0.0.50_7.0.50
AND
netgeardgn2200Match-
Node
netgeardgnd3700_firmwareMatch1.0.0.17_1.0.17
AND
netgeardgnd3700Match-
VendorProductVersionCPE
netgeardgn2200_firmware1.0.0.50_7.0.50cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.50_7.0.50:*:*:*:*:*:*:*
netgeardgn2200-cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*
netgeardgnd3700_firmware1.0.0.17_1.0.17cpe:2.3:o:netgear:dgnd3700_firmware:1.0.0.17_1.0.17:*:*:*:*:*:*:*
netgeardgnd3700-cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "DGN2200",
    "vendor": "Netgear",
    "versions": [
      {
        "status": "affected",
        "version": "DGN2200-V1.0.0.50_7.0.50"
      }
    ]
  },
  {
    "product": "DGND3700",
    "vendor": "Netgear",
    "versions": [
      {
        "status": "affected",
        "version": "DGND3700-V1.0.0.17_1.0.17"
      }
    ]
  }
]

Related

exploitdb 1
openvas 2
exploitpack 1
nuclei 1
nvd 1
prion 1
cvelist 1
zdt 2
packetstorm 1
exploitdb
exploitdb
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
2019-04-30 00:00:00
openvas
openvas
Netgear DGN2000, DGND3700 Password Disclosure Vulnerability
2017-01-06 00:00:00
Netgear DGN2200 / DGND3700 Admin Password Disclosure
2018-07-25 00:00:00
exploitpack
exploitpack
Netgear DGN2200 DGND3700 - Admin Password Disclosure
2019-04-30 00:00:00
nuclei
nuclei
NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure
2021-07-06 14:25:39
nvd
nvd
CVE-2016-5649
2018-07-24 15:29:00
prion
prion
Authentication flaw
2018-07-24 15:29:00
cvelist
cvelist
CVE-2016-5649 Netgear DGN2200 and DGND3700 disclose the administrator password
2018-07-24 15:00:00
zdt
zdt
Netgear DGN2200 / DGND3700 - Admin Password Disclosure Vulnerability
2019-05-01 00:00:00
Netgear DGN2200 / DGND3700 / WNDR4500 Information Disclosure Vulnerability
2017-01-04 00:00:00
packetstorm
packetstorm
Netgear DGN2200 / DGND3700 Admin Password Disclosure
2019-04-30 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.131

Percentile

95.6%

JSON
Related for CVE-2016-5649
exploitdb1openvas2exploitpack1nuclei1nvd1prion1cvelist1zdt2packetstorm1