This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.
oryginał ENCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNetgear Ac2100
HWNetgearwszystkie wersjeNetgear Ac2100 Firmware
OSNetgear< 1.2.0.76Netgear Ac2400
HWNetgearwszystkie wersjeNetgear Ac2400 Firmware
OSNetgear< 1.2.0.76Netgear Ac2600
HWNetgearwszystkie wersjeNetgear Ac2600 Firmware
OSNetgear< 1.2.0.76Netgear R6020
HWNetgearwszystkie wersjeNetgear R6020 Firmware
OSNetgear< 1.0.0.48Netgear R6080
HWNetgearwszystkie wersjeNetgear R6080 Firmware
OSNetgear< 1.0.0.48Netgear R6120
HWNetgearwszystkie wersjeNetgear R6120 Firmware
OSNetgear< 1.0.0.76Netgear R6220
HWNetgearwszystkie wersjeNetgear R6220 Firmware
OSNetgear< 1.1.0.104Netgear R6230
HWNetgearwszystkie wersjeNetgear R6230 Firmware
OSNetgear< 1.1.0.104Netgear R6260
HWNetgearwszystkie wersjeNetgear R6260 Firmware
OSNetgear< 1.1.0.78Netgear R6330
HWNetgearwszystkie wersjeNetgear R6330 Firmware
OSNetgear< 1.1.0.78Netgear R6350
HWNetgearwszystkie wersjeNetgear R6350 Firmware
OSNetgear< 1.1.0.78Netgear R6700
HWNetgearv2Netgear R6700 Firmware
OSNetgear< 1.2.0.76Netgear R6800
HWNetgearwszystkie wersjeNetgear R6800 Firmware
OSNetgear< 1.2.0.76Netgear R6850
HWNetgearwszystkie wersjeNetgear R6850 Firmware
OSNetgear< 1.1.0.78Netgear R6900
HWNetgearv2Netgear R6900 Firmware
OSNetgear< 1.2.0.76
Powiązane podatności
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL...
Command injection w Netgear R6850 poprzez parametr c4-IPAddr
Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows ...
Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 bef...
Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 befor...