Medium May 26, 2012

Netgear Information Disclosure

Several NETGEAR devices expose /currentsetting.htm without authentication, leaking the device model, firmware version, and other metadata that lets an attacker fingerprint the router before launching model-specific exploits.

CVSS Score

5.3 / 10.0

Severity

Medium

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Advisory

Vendor	NETGEAR
Models	DGND3300v2, WNR2000v2, DGN1000, N300
Firmware	V2.1.00.48_1.00.48, V1.1.0.41WW, V1.0.0.34_29.0.45NA
Impact	Reveals model, firmware, and other device metadata
Attack Vector	Remote, no authentication required

Description

Several NETGEAR devices expose /currentsetting.htm without authentication. The page returns the device model, firmware version, and other information that helps an attacker fingerprint the device before targeting it with model-specific exploits.

Remediation

No vendor fix. Restrict remote management to trusted networks.

Share this advisory:

Related Security Advisories

Stay informed about other recent vulnerabilities and security advisories

Critical December 18, 2014

Command Execution and Backdoor in Zhone GPON-2520

This post will describe a backdoor account found in the Zhone GPON-2520 and will provide a PoC which can be used to disable the firewall filtration rules in order to allow access to services such as ssh, telnet and ftp.

Severity:

CVSS: 9.8

View advisory

High May 22, 2014

Huawei HG8245 / HG8247 WPA Generator

Huawei HG8245 & HG8247 ONT (firmware version V1R006C00S100) rely on a weak algorithm to calculate the WPA keys, keys can be predicted easily using the WiFi's MAC Address (BSSID).

Severity:

CVSS: 7.4

View advisory

High December 19, 2013

Arbitrary Command Execution in Alcatel-Lucent I-240W-Q

The Alcatel-Lucent I-240W-Q ONT's Diagnostics page does not filter shell metacharacters in the IP address field, allowing any authenticated administrator to execute arbitrary commands as root and fully compromise the device.

Severity:

CVSS: 8.0

View advisory

View All Advisories