CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
60.7%
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
Vendor | Product | Version | CPE |
---|---|---|---|
netgear | mbr1515_firmware | - | cpe:2.3:o:netgear:mbr1515_firmware:-:*:*:*:*:*:*:* |
netgear | mbr1515 | - | cpe:2.3:h:netgear:mbr1515:-:*:*:*:*:*:*:* |
netgear | mbr1516_firmware | - | cpe:2.3:o:netgear:mbr1516_firmware:-:*:*:*:*:*:*:* |
netgear | mbr1516 | - | cpe:2.3:h:netgear:mbr1516:-:*:*:*:*:*:*:* |
netgear | dgn2200_firmware | - | cpe:2.3:o:netgear:dgn2200_firmware:-:*:*:*:*:*:*:* |
netgear | dgn2200 | - | cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:* |
netgear | dgn2200m_firmware | - | cpe:2.3:o:netgear:dgn2200m_firmware:-:*:*:*:*:*:*:* |
netgear | dgn2200m | - | cpe:2.3:h:netgear:dgn2200m:-:*:*:*:*:*:*:* |
netgear | dgnd3700_firmware | - | cpe:2.3:o:netgear:dgnd3700_firmware:-:*:*:*:*:*:*:* |
netgear | dgnd3700 | - | cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
60.7%