Thứ Bảy, 23 tháng 11, 2013

Netgear WNDR3700 Bypass

Date Disclosed:
10/31/2013

Date Patched:
No patch available.

Vendor:
Netgear
Affected Software:

WNDR4700 router
WNDR3700v4 router
Possibly other routers
1.0.1.42 firmware and prior
Description:

Affected devices are vulnerable to a security bypass flaw that permits attackers to access any part of the management interface of the device. If remote administration is enabled, this can be exploited from the Internet.
Severity:
High
Code Execution:
No
Impact:

Security Bypass
This vulnerability allows an attacker to bypass certain security restrictions on the system, allowing the attacker to gain unauthorized access to the system.
Mitigation:
To help mitigate WAN-based attacks, disable the administration interface for non-local network addresses.
Protection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
  • 31286 - Netgear WNDR3700 Bypass (20131031) (Zero-Day)
  • 31234 - Multiple Router Vendor ping6 Command Injection (Zero-Day) - Remote
Links:

Status:
2013-10-31: Original Disclosure

Không có nhận xét nào:

Đăng nhận xét