Executive Summary
Summary | |
---|---|
Title | NetGear WNAP210 remote password disclosure and password bypass vulnerability |
Information | |||
---|---|---|---|
Name | VU#644812 | First vendor Publication | 2011-04-05 |
Vendor | VU-CERT | Last vendor Modification | 2011-04-05 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#644812

NetGear WNAP210 remote password disclosure and password bypass vulnerability

Overview

NetGear WNAP210 is vulnerable to remote administrator password disclosure and administrative web page login bypass.

I. Description

Netgear's ProSafe Wireless-N Access Point WNAP210 contains a vulnerability which may allow a remote unauthenticated attacker to recover the device's administrator password. An attacker with network access to the device can navigate to the web page http://NetGearDeviceIP/BackupConfig.php. The attacker will be prompted to download the device's configuration without entering any login credentials. This configuration file will contain the device's administrator password stored in plaintext.

A second vulnerability found in Netgear's ProSafe Wireless-N Access Point WNAP210 allows a remote unauthenticated attacker to bypass the device's login web page allowing the attacker to directly access the device's configuration web page. An attacker with network access to the device can navigate to the web page http://NetGearDeviceIP/recreate.php. The web page will display "recreateok". Next the attacker would navigate to the web page http://NetGearDeviceIP/index.php, permitting them direct access to the device's configuration web page without entering any login credentials. This vulnerability has been reported in Netgear's ProSafe Wireless-N Access Point WNAP210 firmware version 2.0.12.

Restrict network access
References

http://www.netgear.com/products/business/access-points-wireless-controllers/access-points/WNAP210.aspx

Thanks to Trevor Seward for reporting this vulnerability. This document was written by Michael Orlando.
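The two request patterns described in the note can be watched for on the network side. The following detection sketch is an added example, not part of the CERT note or any Netgear tooling; it assumes HTTP traffic to the access point is logged in Common Log Format by a proxy or sensor, and the sample lines, rule names and five-minute correlation window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Common Log Format, as a proxy or network
# sensor in front of the access point might record them (assumption).
SAMPLE_LOG = """\
10.0.0.5 - - [05/Apr/2011:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512
10.0.0.9 - - [05/Apr/2011:10:02:10 +0000] "GET /BackupConfig.php HTTP/1.1" 200 4096
10.0.0.7 - - [05/Apr/2011:10:03:00 +0000] "GET /recreate.php HTTP/1.1" 200 10
10.0.0.7 - - [05/Apr/2011:10:03:20 +0000] "GET /index.php HTTP/1.1" 200 2048
10.0.0.8 - - [05/Apr/2011:10:04:00 +0000] "GET /recreate.php HTTP/1.1" 404 0
10.0.0.8 - - [05/Apr/2011:11:30:00 +0000] "GET /index.php HTTP/1.1" 200 512
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
WINDOW = timedelta(minutes=5)  # assumed correlation window, tune per site


def find_alerts(log_text, window=WINDOW):
    """Return a list of (source, rule, timestamp) tuples for matching requests."""
    alerts = []
    recreate_seen = {}  # source -> time of its last successful recreate.php hit
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # Drop any query string and compare case-insensitively (conservative).
        path = m["path"].split("?", 1)[0].lower()
        ok = m["status"].startswith("2")
        src = m["src"]
        if path == "/backupconfig.php" and ok:
            alerts.append((src, "config-download", ts))
        elif path == "/recreate.php" and ok:
            recreate_seen[src] = ts
        elif path == "/index.php" and ok and src in recreate_seen:
            if ts - recreate_seen.pop(src) <= window:
                alerts.append((src, "login-bypass-sequence", ts))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

An administrator's own configuration backup also matches the config-download rule, so alerts should be triaged by source address.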
Original Source
Url : http://www.kb.cert.org/vuls/id/644812 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-310 | Cryptographic Issues |
50 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
Hardware | | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
73422 | NetGear ProSafe WNAP210 recreate.php Configuration Page Remote Authentication... |
73421 | NetGear ProSafe WNAP210 BackupConfig.php Admin Password Remote Disclosure |