CRITICAL🇬🇧 English

CVE-2016-5649

CVSS 9.8v3.0pub. 2018-07-24upd. 2024-11-21

A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear Dgn2200

    HW
    Netgear
    wszystkie wersje
  • Netgear Dgn2200 Firmware

    OS
    Netgear
    1.0.0.50_7.0.50
  • Netgear Dgnd3700

    HW
    Netgear
    wszystkie wersje
  • Netgear Dgnd3700 Firmware

    OS
    Netgear
    1.0.0.17_1.0.17
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2017-6077CRITICAL9.8⚠ KEVten sam produkt

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execu...

CVE-2025-4978CRITICAL9.3PL ✓ten sam produkt

Netgear DGND3700 — pominięcie uwierzytelniania w /BRS_top.html

CVE-2021-38516CRITICAL10.0ten sam produkt

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 befor...

CVE-2019-17373CRITICAL9.8ten sam produkt

Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending wi...

CVE-2024-57046HIGH8.8ten sam produkt

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized...