Test ID:	1.3.6.1.4.1.25623.1.0.112333
Category:	Web application abuses
Title:	Netgear DGN2200 / DGND3700 Admin Password Disclosure - Active Check
Summary:	A vulnerability exists in the 'BSW_cxttongr.htm' page which can; allow a remote attacker to access this page without any authentication.;; This VT has been deprecated as a duplicate of the VT 'Netgear DGN2200 / DGND3700 Password; Disclosure Vulnerability - Active Check' (OID: 1.3.6.1.4.1.25623.1.0.106497).
Description:	Summary: A vulnerability exists in the 'BSW_cxttongr.htm' page which can allow a remote attacker to access this page without any authentication. This VT has been deprecated as a duplicate of the VT 'Netgear DGN2200 / DGND3700 Password Disclosure Vulnerability - Active Check' (OID: 1.3.6.1.4.1.25623.1.0.106497). Vulnerability Insight: When the request is processed, it exposes the admin's password in clear text before it gets redirected to absw_vfysucc.cgia. Vulnerability Impact: An attacker can use this password to gain administrator access of the targeted routers web interface. Affected Software/OS: Netgear DGN2200 running firmware version DGN2200-V1.0.0.50_7.0.50. Netgear DGND3700 running firmware version DGND3700-V1.0.0.17_1.0.17. Solution: Netgear has released firmware version 1.0.0.52 for DGN2200 and 1.0.0.28 for DGND3700 to address this issue. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5649 http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.