Vulners
Lucene search
Netgear DGN2200 / DGND3700 / WNDR4500 Information Disclosure Vulnerability
| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
 | Netgear DGN2200 / DGND3700 - Admin Password Disclosure Vulnerability | 1 May 201900:00 | – | zdt |
 | Netgear WNDR4500 Information Disclosure Vulnerability | 26 Jul 201800:00 | – | cnvd |
| Netgear DGN2200 Information Disclosure Vulnerability | 26 Jul 201800:00 | – | cnvd |
 | CVE-2016-5638 | 24 Jul 201815:00 | – | cve |
| CVE-2016-5649 | 24 Jul 201815:00 | – | cve |
 | CVE-2016-5638 Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877 reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text | 24 Jul 201815:00 | – | cvelist |
| CVE-2016-5649 Netgear DGN2200 and DGND3700 disclose the administrator password | 24 Jul 201815:00 | – | cvelist |
 | Netgear DGN2200 / DGND3700 - Admin Password Disclosure | 30 Apr 201900:00 | – | exploitdb |
 | EUVD-2016-6582 | 7 Oct 202500:30 | – | euvd |
 | Netgear DGN2200 DGND3700 - Admin Password Disclosure | 30 Apr 201900:00 | – | exploitpack |
10
# Title: Netgear DGN2200, DGND3700 and WNDR4500 Multiple Information Disclosure Vulnerabilities
# Author: Mandar jadhav
# Vendor Homepage: https://www.netgear.com/
# CVE's : CVE-2016-5649, CVE-2016-5638
1. Admin password disclosure (CVE-2016-5649)
A vulnerability is in the 'BSW_cxttongr.htm' page which can allow a remote
attacker to access this page without any authentication. When processed, it
exposes adminas password in clear text before it gets redirected to
absw_vfysucc.cgia. An attacker can use this password to gain administrator
access of the targeted routeras web interface.
Affected Models:
Netgear DGN2200 running firmware version DGN2200-V1.0.0.50_7.0.50
Netgear DGND3700 running firmware version DGND3700-V1.0.0.17_1.0.17
Solution:
Netgear has released firmware version 1.0.0.52 for DGN2200 & 1.0.0.28 for
DGND3700 to address this issue
2. SSID & wireless key Disclosure (CVE-2016-5638)
There are few web pages associated with the genie app. Genie app adds some
capabilities over the Web GUI and can be accessed even when you are away
from home. A remote attacker can access genie_ping.htm or genie_ping2.htm
or genie_ping3.htm page without authentication. Once accessed, the page
will be redirected to the aCongratulations2.htma page, which reveals some
sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID)
and Network Key (Password) in clear text.
Affected Models:
Netgear WNDR4500 running firmware version V1.0.1.40_1.0.68
Solution:
WNDR4500v1 has reached the End of Life so Netgear wonat be releasing any
updates for this.
## History
23.06.2016 - Initial contact to Netgear
24.06.2016 - Reported all details to Netgear
01.07.2016 - Email sent to Netgear asking for status update, no response
14.07.2016 - Email sent to Netgear asking for status update, no response
26.07.2016 - Netgear confirms findings
31.08.2016 - Email sent to Netgear asking for status update
02.09.2016 - Received reply from Netgear that they will be releasing a fix
for this
23.12.2016 - Netgear informs that vulnerability has been fixed in the new
version
Thanks,
Mandar
# 0day.today [2018-04-12] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Jan 2017 00:00Current
8.4High risk
Vulners AI Score8.4
EPSS0.59245