This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313.
oryginał ENCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNetgear Ac2100
HWNetgearwszystkie wersjeNetgear Ac2100 Firmware
OSNetgear< 1.2.0.88Netgear Ac2400
HWNetgearwszystkie wersjeNetgear Ac2400 Firmware
OSNetgear< 1.2.0.88Netgear Ac2600
HWNetgearwszystkie wersjeNetgear Ac2600 Firmware
OSNetgear< 1.2.0.88Netgear D7000v1
HWNetgearwszystkie wersjeNetgear D7000v1 Firmware
OSNetgear< 1.0.1.80Netgear R6220
HWNetgearwszystkie wersjeNetgear R6220 Firmware
OSNetgear< 1.1.0.110Netgear R6230
HWNetgearwszystkie wersjeNetgear R6230 Firmware
OSNetgear< 1.1.0.110Netgear R6260
HWNetgearwszystkie wersjeNetgear R6260 Firmware
OSNetgear< 1.1.0.84Netgear R6330
HWNetgearwszystkie wersjeNetgear R6330 Firmware
OSNetgear< 1.1.0.84Netgear R6350
HWNetgearwszystkie wersjeNetgear R6350 Firmware
OSNetgear< 1.1.0.84Netgear R6700v2
HWNetgearwszystkie wersjeNetgear R6700v2 Firmware
OSNetgear< 1.2.0.88Netgear R6800
HWNetgearwszystkie wersjeNetgear R6800 Firmware
OSNetgear< 1.2.0.88Netgear R6850
HWNetgearwszystkie wersjeNetgear R6850 Firmware
OSNetgear< 1.1.0.84Netgear R6900v2
HWNetgearwszystkie wersjeNetgear R6900v2 Firmware
OSNetgear< 1.2.0.88Netgear R7200
HWNetgearwszystkie wersjeNetgear R7200 Firmware
OSNetgear< 1.2.0.88Netgear R7350
HWNetgearwszystkie wersjeNetgear R7350 Firmware
OSNetgear< 1.2.0.88
Powiązane podatności
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL...
Command injection w Netgear R6850 poprzez parametr c4-IPAddr
Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 bef...
Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 befor...
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 befor...