Web application abuses : NETGEAR WNR1000v3 Password Disclosure Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.103880

Categoría: Web application abuses

Título: NETGEAR WNR1000v3 Password Disclosure Vulnerability

Resumen: Newer firmware versions of the Netgear N150 WNR1000v3; wireless router are affected by a password recovery vulnerability. Exploiting this vulnerability; allows an attacker to recover the router's (plaintext) Administrator credentials and subsequently gain; full access to the device. This vulnerability can be exploited remotely if the remote administration access; feature is enabled (as well as locally via wired or wireless access).

Descripción: Summary:
Newer firmware versions of the Netgear N150 WNR1000v3
wireless router are affected by a password recovery vulnerability. Exploiting this vulnerability
allows an attacker to recover the router's (plaintext) Administrator credentials and subsequently gain
full access to the device. This vulnerability can be exploited remotely if the remote administration access
feature is enabled (as well as locally via wired or wireless access).

Vulnerability Insight:
Netgear WNR1000v3 routers suffer from a flaw in the
password recovery flow that allows for disclosure of the plaintext router credentials.

Vulnerability Impact:
An attacker can exploit this issue to bypass certain security
restrictions and gain unauthorized administrative access to the affected application.

Affected Software/OS:
Tested Device Firmware Versions: V1.0.2.60_60.0.86
and V1.0.2.54_60.0.82NA

Solution:
No known solution was made available for at least one year since the disclosure of this vulnerability.
Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the
product or replace the product by another one.

CVSS Score:
9.4

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:C

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.103880
Categoría:	Web application abuses
Título:	NETGEAR WNR1000v3 Password Disclosure Vulnerability
Resumen:	Newer firmware versions of the Netgear N150 WNR1000v3; wireless router are affected by a password recovery vulnerability. Exploiting this vulnerability; allows an attacker to recover the router's (plaintext) Administrator credentials and subsequently gain; full access to the device. This vulnerability can be exploited remotely if the remote administration access; feature is enabled (as well as locally via wired or wireless access).
Descripción:	Summary: Newer firmware versions of the Netgear N150 WNR1000v3 wireless router are affected by a password recovery vulnerability. Exploiting this vulnerability allows an attacker to recover the router's (plaintext) Administrator credentials and subsequently gain full access to the device. This vulnerability can be exploited remotely if the remote administration access feature is enabled (as well as locally via wired or wireless access). Vulnerability Insight: Netgear WNR1000v3 routers suffer from a flaw in the password recovery flow that allows for disclosure of the plaintext router credentials. Vulnerability Impact: An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized administrative access to the affected application. Affected Software/OS: Tested Device Firmware Versions: V1.0.2.60_60.0.86 and V1.0.2.54_60.0.82NA Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 9.4 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Copyright	Copyright (C) 2014 Greenbone AG