Design/Logic Flaw

2020-10-1317:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.0%

JSON

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754.

CPENameOperatorVersion
r6020_firmwarelt1.0.0.44
r6080_firmwarelt1.0.0.44
r6120_firmwarelt1.0.0.70
r6220_firmwarelt1.1.0.100
r6230_firmwarelt1.1.0.100
r6260_firmwarelt1.1.0.76
r6330_firmwarelt1.1.0.76
r6350_firmwarelt1.1.0.76
r6850_firmwarelt1.1.0.76

Name	Operator	Version
r6020_firmware	lt	1.0.0.44
r6080_firmware	lt	1.0.0.44
r6120_firmware	lt	1.0.0.70
r6220_firmware	lt	1.1.0.100
r6230_firmware	lt	1.1.0.100
r6260_firmware	lt	1.1.0.76
r6330_firmware	lt	1.1.0.76
r6350_firmware	lt	1.1.0.76
r6850_firmware	lt	1.1.0.76