Vulnerabilites related to netgear - wndr4700
cve-2013-3069
Vulnerability from cvelistv5
Published
2014-04-25 17:00
Modified
2024-08-06 16:00
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf | x_refsource_MISC | |
| http://osvdb.org/92557 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:10.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
},
{
"name": "92557",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/92557"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-25T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
},
{
"name": "92557",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/92557"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf",
"refsource": "MISC",
"url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
},
{
"name": "92557",
"refsource": "OSVDB",
"url": "http://osvdb.org/92557"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3069",
"datePublished": "2014-04-25T17:00:00",
"dateReserved": "2013-04-15T00:00:00",
"dateUpdated": "2024-08-06T16:00:10.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3070
Vulnerability from cvelistv5
Published
2019-11-14 18:42
Modified
2024-08-06 16:00
Severity ?
EPSS score ?
Summary
An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC | |
| https://www.ise.io/soho_service_hacks/ | x_refsource_MISC | |
| https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf | x_refsource_MISC | |
| https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only | x_refsource_CONFIRM | |
| https://www.securityfocus.com/bid/59308 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:09.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/59308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T18:42:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/59308"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
"refsource": "MISC",
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"name": "https://www.ise.io/soho_service_hacks/",
"refsource": "MISC",
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"name": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf",
"refsource": "MISC",
"url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
},
{
"name": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
},
{
"name": "https://www.securityfocus.com/bid/59308",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/59308"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3070",
"datePublished": "2019-11-14T18:42:39",
"dateReserved": "2013-04-15T00:00:00",
"dateUpdated": "2024-08-06T16:00:09.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10174
Vulnerability from cvelistv5
Published
2017-01-30 04:24
Modified
2025-02-04 21:05
Severity ?
EPSS score ?
Summary
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2016/Dec/72 | x_refsource_MISC | |
| https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/95867 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/41719/ | exploit, x_refsource_EXPLOIT-DB | |
| http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/40949/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/72"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
},
{
"name": "95867",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95867"
},
{
"name": "41719",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41719/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
},
{
"name": "40949",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40949/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-10174",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T21:00:58.307508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-10174"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T21:05:08.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/72"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
},
{
"name": "95867",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95867"
},
{
"name": "41719",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41719/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
},
{
"name": "40949",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40949/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2016/Dec/72",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2016/Dec/72"
},
{
"name": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
},
{
"name": "95867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95867"
},
{
"name": "41719",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41719/"
},
{
"name": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability",
"refsource": "MISC",
"url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
},
{
"name": "40949",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40949/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10174",
"datePublished": "2017-01-30T04:24:00.000Z",
"dateReserved": "2017-01-29T00:00:00.000Z",
"dateUpdated": "2025-02-04T21:05:08.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3072
Vulnerability from cvelistv5
Published
2019-11-14 18:11
Modified
2024-08-06 16:00
Severity ?
EPSS score ?
Summary
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC | |
| https://www.ise.io/soho_service_hacks/ | x_refsource_MISC | |
| https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52 | x_refsource_CONFIRM | |
| https://www.ise.io/research/studies-and-papers/netgear_wndr4700/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:09.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://\u003crouter_ip\u003e/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T18:11:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://\u003crouter_ip\u003e/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
"refsource": "MISC",
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"name": "https://www.ise.io/soho_service_hacks/",
"refsource": "MISC",
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"name": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
},
{
"name": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/",
"refsource": "MISC",
"url": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3072",
"datePublished": "2019-11-14T18:11:10",
"dateReserved": "2013-04-15T00:00:00",
"dateUpdated": "2024-08-06T16:00:09.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3071
Vulnerability from cvelistv5
Published
2020-01-28 20:03
Modified
2024-08-06 16:00
Severity ?
EPSS score ?
Summary
NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.securityfocus.com/bid/59406 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:09.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/59406"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T20:03:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "59406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/59406"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59406",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/59406"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3071",
"datePublished": "2020-01-28T20:03:19",
"dateReserved": "2013-04-15T00:00:00",
"dateUpdated": "2024-08-06T16:00:09.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3074
Vulnerability from cvelistv5
Published
2020-01-28 20:07
Modified
2024-08-06 16:00
Severity ?
EPSS score ?
Summary
NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.securityfocus.com/bid/59303 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:09.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59303",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/59303"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T20:07:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "59303",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/59303"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59303",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/59303"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3074",
"datePublished": "2020-01-28T20:07:50",
"dateReserved": "2013-04-15T00:00:00",
"dateUpdated": "2024-08-06T16:00:09.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3073
Vulnerability from cvelistv5
Published
2019-11-14 17:47
Modified
2024-08-06 16:00
Severity ?
EPSS score ?
Summary
A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC | |
| https://www.ise.io/soho_service_hacks/ | x_refsource_MISC | |
| https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf | x_refsource_MISC | |
| https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only | x_refsource_CONFIRM | |
| https://vuldb.com/?id.8471 | x_refsource_MISC | |
| https://www.securityfocus.com/bid/59307 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:09.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.8471"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/59307"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T17:55:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.8471"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/59307"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
"refsource": "MISC",
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"name": "https://www.ise.io/soho_service_hacks/",
"refsource": "MISC",
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"name": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf",
"refsource": "MISC",
"url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
},
{
"name": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
},
{
"name": "https://vuldb.com/?id.8471",
"refsource": "MISC",
"url": "https://vuldb.com/?id.8471"
},
{
"name": "https://www.securityfocus.com/bid/59307",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/59307"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3073",
"datePublished": "2019-11-14T17:47:51",
"dateReserved": "2013-04-15T00:00:00",
"dateUpdated": "2024-08-06T16:00:09.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-11-14 19:15
Modified
2024-11-21 01:52
Severity ?
Summary
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52 | Vendor Advisory | |
| cve@mitre.org | https://www.ise.io/casestudies/exploiting-soho-routers/ | Third Party Advisory | |
| cve@mitre.org | https://www.ise.io/research/studies-and-papers/netgear_wndr4700/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.ise.io/soho_service_hacks/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/casestudies/exploiting-soho-routers/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/research/studies-and-papers/netgear_wndr4700/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/soho_service_hacks/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wndr4700_firmware | 1.0.0.34 | |
| netgear | wndr4700 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr4700_firmware:1.0.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC40212-23E2-4E0C-816E-4CFF7B749266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69AA4A00-2E4A-46C6-A5C6-CFC595731647",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://\u003crouter_ip\u003e/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal."
},
{
"lang": "es",
"value": "Tiene una vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n en NETGEAR Centria WNDR4700 Versi\u00f3n de Firmware 1.0.0.34 en http:///apply.cgi?/hdd_usr_setup.htm, que cuando es visitado por cualquier usuario, autenticado o no, causa que el router ya no requiera una contrase\u00f1a para acceder al portal de administraci\u00f3n web."
}
],
"id": "CVE-2013-3072",
"lastModified": "2024-11-21T01:52:56.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-14T19:15:11.613",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ise.io/soho_service_hacks/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-28 21:15
Modified
2024-11-21 01:52
Severity ?
Summary
NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.securityfocus.com/bid/59303 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.securityfocus.com/bid/59303 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wndr4700_firmware | 1.0.0.34 | |
| netgear | wndr4700 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr4700_firmware:1.0.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC40212-23E2-4E0C-816E-4CFF7B749266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69AA4A00-2E4A-46C6-A5C6-CFC595731647",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash)."
},
{
"lang": "es",
"value": "Los dispositivos NetGear WNDR4700 Media Server con versi\u00f3n de firmware 1.0.0.34, permiten a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del dispositivo)."
}
],
"id": "CVE-2013-3074",
"lastModified": "2024-11-21T01:52:57.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-28T21:15:11.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/59303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/59303"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 04:59
Modified
2025-02-04 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
References
Impacted products
{
"cisaActionDue": "2022-04-15",
"cisaExploitAdd": "2022-03-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7C04A4-4B5C-42D8-A6C7-8DAFCC53C0BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFD1E86-F100-4E46-935D-903EB6FEFE9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "826E2415-7EB3-4F34-8C9D-87A89BB9D6D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF04B65B-9685-4595-9C71-0F77AD7109BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C0A12D-9EEE-4DFC-8985-53D06240BBB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2D4987-3726-4A72-8D32-592F59FAC46D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jnr1010v2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7617F12-EFCC-4771-AC36-CB91E36DC7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jnr1010v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91A302BB-1250-439A-947A-5727DB1CE88E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jnr3300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5865C3F2-1BE0-476B-A70F-A0CB01CD71EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jnr3300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64CA12CC-48D8-4510-983C-8350A87CD5D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jwnr2010v5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66148F9B-3495-4A62-83E7-14ADD4AC1F37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jwnr2010v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3674693F-8324-4279-A402-556D5C6F31B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r2000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E70DB74E-A2E6-4F71-A066-282DC90DB603",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B1D13C3-5663-447F-9FD9-71EBEC471DAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC498419-5D49-45D7-A941-3F7FBD4CA79D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F44A123-B256-428B-98C2-17570F2F32DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2513FC0E-56A6-4E13-9F08-015B3DD22229",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17340C25-0B87-4AE3-B11E-B5B2367823A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3B3F26-401C-4ED0-B871-4B4F8521F369",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7500v2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86EB56E2-AFE5-4B5A-8B08-FF76188217D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7500v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCA6487-57EC-4630-884F-820BBFE25843",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr3700v4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD0D1BE2-6B68-4064-8DEF-FF56452E37B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr3700v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF63301F-C798-471E-ABF7-5A7E72E8588C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr3800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "372A00D7-2C17-4CFB-8C6C-B4A2D9443FD4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr3800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "402B39A6-D278-4738-88C6-D617A0DF6C3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr4300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E801800-09A8-49EA-AE45-A7720911BACF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1413C591-D066-4FA2-BEB1-6C60F8645F28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr4300v2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9189156F-2F3A-4D2E-80DC-DE626F1A179E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr4300v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "512AD9E6-F154-483D-AA18-3302CEBB5B79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr4500v3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "606272E4-3ABE-4AB8-B84A-51FCDA997497",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr4500v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA7C60F-8806-476C-A833-44E2BE66265B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr4700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B326E770-649F-40DC-8C54-AA388D6085AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69AA4A00-2E4A-46C6-A5C6-CFC595731647",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr1000v2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1229CFBE-D9F1-4B1E-B92F-66348D93A398",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr1000v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A030BB-2FE4-4F97-95D0-4DFF9D8CC185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr1000v4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAC455A-F8C4-483E-9C50-9992014B12E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr1000v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56B2CEC3-8C68-4089-861F-1BAC937204C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2000v3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD9F1804-DD77-4238-ABF1-51C735128692",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2000v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BBF3EA-0F98-4A99-8312-30E1E47AC4C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2000v4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E58ACE-8833-4630-948B-D35999A4FCDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2000v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AE1DD1-5DB7-403A-805B-EDB364EF28D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2000v5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F024A464-DB7D-4F6E-A951-3D8068F86470",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "671EC923-DC84-47D6-B943-0F7DA8168334",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2020_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E56E01-D7C9-4E5A-B6AC-45293C063ABC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2189628-03E7-445A-9EF2-656A85539115",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2050_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08F92579-8564-4D8A-A14E-259F3DDA214F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9877579C-D214-4605-93AA-2B78914CF33C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04D7CDC0-9FBB-408E-B5D2-376C8B4B869B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94B74E4A-3E2F-4CB1-B33D-8618ED1C7E9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC90CD42-D38E-4927-BF49-DDC9CD84F36E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9EF618-6194-4127-BD60-FB0E645C8993",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr614_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE4A638-81E6-4257-9BB9-79C8662A6499",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC8A668E-4A30-4364-AF7A-F3C814BBAACA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr618_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2C04DE-CCDF-4231-B8CF-5067318D3EED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAA7BF1-2DFE-4ADA-B3A7-F33EEAAC5962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution."
},
{
"lang": "es",
"value": "El router NETGEAR WNR2000v5 contiene un desbordamiento de b\u00fafer en el par\u00e1metro hidden_lang_avi al invocar a la URL /apply.cgi?/lang_check.html. Este desbordamiento de b\u00fafer puede ser explotado por un atacante no autenticado para lograr la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2016-10174",
"lastModified": "2025-02-04T21:15:09.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2017-01-30T04:59:00.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/72"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95867"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40949/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41719/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/72"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40949/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41719/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-14 18:15
Modified
2024-11-21 01:52
Severity ?
Summary
A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wndr4700_firmware | 1.0.0.34 | |
| netgear | wndr4700 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr4700_firmware:1.0.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC40212-23E2-4E0C-816E-4CFF7B749266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69AA4A00-2E4A-46C6-A5C6-CFC595731647",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34."
},
{
"lang": "es",
"value": "Tiene una vulnerabilidad de salto de Enlace Simb\u00f3lico en NETGEAR Centria WNDR4700 Versi\u00f3n de Firmware 1.0.0.34."
}
],
"id": "CVE-2013-3073",
"lastModified": "2024-11-21T01:52:56.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-14T18:15:11.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.8471"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/59307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.8471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/59307"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-25 17:12
Modified
2024-11-21 01:52
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wndr4700_firmware | 1.0.0.34 | |
| netgear | wndr4700 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr4700_firmware:1.0.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC40212-23E2-4E0C-816E-4CFF7B749266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69AA4A00-2E4A-46C6-A5C6-CFC595731647",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en NETGEAR WNDR4700 con firmware 1.0.0.34 permiten a usuarios remotos autenticados inyectar sc4ript Web o HTML arbitrarios a trav\u00e9s de (1) UserName o (2) Password hacia la p\u00e1gina NAS User Setup, (3) deviceName hacia USB_advanced.htm o (4) Network Key hacia la p\u00e1gina Wireless Setup."
}
],
"id": "CVE-2013-3069",
"lastModified": "2024-11-21T01:52:56.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-25T17:12:03.097",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/92557"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/92557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-14 19:15
Modified
2024-11-21 01:52
Severity ?
Summary
An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wndr4700_firmware | 1.0.0.34 | |
| netgear | wndr4700 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr4700_firmware:1.0.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC40212-23E2-4E0C-816E-4CFF7B749266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69AA4A00-2E4A-46C6-A5C6-CFC595731647",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN."
},
{
"lang": "es",
"value": "Tiene una vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n en Netgear WNDR4700 ejecutando el firmware 1.0.0.34 en la interfaz web de administraci\u00f3n, que revela el PSK de la LAN inal\u00e1mbrica."
}
],
"id": "CVE-2013-3070",
"lastModified": "2024-11-21T01:52:56.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-14T19:15:11.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/59308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/59308"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-28 21:15
Modified
2024-11-21 01:52
Severity ?
Summary
NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.securityfocus.com/bid/59406 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.securityfocus.com/bid/59406 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wndr4700_firmware | 1.0.0.34 | |
| netgear | wndr4700 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr4700_firmware:1.0.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC40212-23E2-4E0C-816E-4CFF7B749266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69AA4A00-2E4A-46C6-A5C6-CFC595731647",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass."
},
{
"lang": "es",
"value": "Los dispositivos NETGEAR Centria WNDR4700 con versi\u00f3n de firmware 1.0.0.34, permiten una omisi\u00f3n de autenticaci\u00f3n."
}
],
"id": "CVE-2013-3071",
"lastModified": "2024-11-21T01:52:56.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-28T21:15:11.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/59406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/59406"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201911-1482
Vulnerability from variot
An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN. The Netgear WNDR4700 is a wireless router device. The NetgearWNDR4700 has an unspecified security vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. There are no detailed vulnerability details available. NetGear WNDR4700 is prone to an unspecified information-disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1482",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndr4700",
"scope": "eq",
"trust": 1.9,
"vendor": "netgear",
"version": "1.0.0.34"
},
{
"model": "wndr4700",
"scope": "eq",
"trust": 0.8,
"vendor": "net gear",
"version": "1.0.0.34"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04044"
},
{
"db": "BID",
"id": "59308"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006934"
},
{
"db": "NVD",
"id": "CVE-2013-3070"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:wndr4700_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006934"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb",
"sources": [
{
"db": "BID",
"id": "59308"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-499"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3070",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3070",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-04044",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2013-3070",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-3070",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3070",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-3070",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-04044",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-499",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04044"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006934"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-499"
},
{
"db": "NVD",
"id": "CVE-2013-3070"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN. The Netgear WNDR4700 is a wireless router device. The NetgearWNDR4700 has an unspecified security vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. There are no detailed vulnerability details available. NetGear WNDR4700 is prone to an unspecified information-disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3070"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006934"
},
{
"db": "CNVD",
"id": "CNVD-2013-04044"
},
{
"db": "BID",
"id": "59308"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3070",
"trust": 3.3
},
{
"db": "BID",
"id": "59308",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006934",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-04044",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201304-499",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04044"
},
{
"db": "BID",
"id": "59308"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006934"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-499"
},
{
"db": "NVD",
"id": "CVE-2013-3070"
}
]
},
"id": "VAR-201911-1482",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04044"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04044"
}
]
},
"last_update_date": "2024-08-14T14:04:08.240000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WNDR3700v4 Firmware Version 1.0.1.52 (Except China and Russia Only)",
"trust": 0.8,
"url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006934"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006934"
},
{
"db": "NVD",
"id": "CVE-2013-3070"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"trust": 1.6,
"url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/24413/wndr3700v4-firmware-version-1-0-1-52-except-china-and-russia-only"
},
{
"trust": 1.6,
"url": "https://www.securityfocus.com/bid/59308"
},
{
"trust": 1.6,
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3070"
},
{
"trust": 0.9,
"url": "http://securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3070"
},
{
"trust": 0.6,
"url": "http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/"
},
{
"trust": 0.6,
"url": "http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/wndr4700#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04044"
},
{
"db": "BID",
"id": "59308"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006934"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-499"
},
{
"db": "NVD",
"id": "CVE-2013-3070"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-04044"
},
{
"db": "BID",
"id": "59308"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006934"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-499"
},
{
"db": "NVD",
"id": "CVE-2013-3070"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04044"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59308"
},
{
"date": "2019-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006934"
},
{
"date": "2013-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-499"
},
{
"date": "2019-11-14T19:15:11.533000",
"db": "NVD",
"id": "CVE-2013-3070"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04044"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59308"
},
{
"date": "2019-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006934"
},
{
"date": "2019-11-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-499"
},
{
"date": "2019-11-18T14:17:11.310000",
"db": "NVD",
"id": "CVE-2013-3070"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-499"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear WNDR4700 Vulnerability related to information disclosure in running firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006934"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-499"
}
],
"trust": 0.6
}
}
var-202001-0882
Vulnerability from variot
NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash). The NetgearWNDR4700 is a wireless router device. No detailed details of the vulnerability are currently available. NetGear WNDR4700 1.0.0.34 is vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0882",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndr4700",
"scope": "eq",
"trust": 1.9,
"vendor": "netgear",
"version": "1.0.0.34"
},
{
"model": "wndr4700",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "wndr4700",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": "1.0.0.34"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04048"
},
{
"db": "BID",
"id": "59303"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007096"
},
{
"db": "NVD",
"id": "CVE-2013-3074"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb",
"sources": [
{
"db": "BID",
"id": "59303"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-498"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3074",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3074",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-04048",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2013-3074",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-3074",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3074",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-3074",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-04048",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04048"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007096"
},
{
"db": "NVD",
"id": "CVE-2013-3074"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash). The NetgearWNDR4700 is a wireless router device. No detailed details of the vulnerability are currently available. \nNetGear WNDR4700 1.0.0.34 is vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3074"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007096"
},
{
"db": "CNVD",
"id": "CNVD-2013-04048"
},
{
"db": "BID",
"id": "59303"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3074",
"trust": 3.3
},
{
"db": "BID",
"id": "59303",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007096",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-04048",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201304-498",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04048"
},
{
"db": "BID",
"id": "59303"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007096"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-498"
},
{
"db": "NVD",
"id": "CVE-2013-3074"
}
]
},
"id": "VAR-202001-0882",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04048"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04048"
}
]
},
"last_update_date": "2024-08-14T14:38:39.140000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WNDR4700\u00a0Firmware\u00a0Version\u00a01.0.0.52",
"trust": 0.8,
"url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007096"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "Resource depletion (CWE-400) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007096"
},
{
"db": "NVD",
"id": "CVE-2013-3074"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.securityfocus.com/bid/59303"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3074"
},
{
"trust": 0.9,
"url": "http://securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp"
},
{
"trust": 0.6,
"url": "http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/"
},
{
"trust": 0.6,
"url": "http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp"
},
{
"trust": 0.3,
"url": "http://www.netgear.com"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/wndr4700#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04048"
},
{
"db": "BID",
"id": "59303"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007096"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-498"
},
{
"db": "NVD",
"id": "CVE-2013-3074"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-04048"
},
{
"db": "BID",
"id": "59303"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007096"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-498"
},
{
"db": "NVD",
"id": "CVE-2013-3074"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04048"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59303"
},
{
"date": "2020-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007096"
},
{
"date": "2013-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-498"
},
{
"date": "2020-01-28T21:15:11.497000",
"db": "NVD",
"id": "CVE-2013-3074"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04048"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59303"
},
{
"date": "2020-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007096"
},
{
"date": "2020-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-498"
},
{
"date": "2020-01-30T16:45:40.740000",
"db": "NVD",
"id": "CVE-2013-3074"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-498"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NetGear\u00a0WNDR4700\u00a0Media\u00a0Server\u00a0 Device firmware vulnerabilities related to resource depletion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007096"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-498"
}
],
"trust": 0.6
}
}
var-201911-1480
Vulnerability from variot
A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34. NETGEAR Centria WNDR4700 The firmware contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The NetgearWNDR4700 is a wireless router device. The NetgearWNDR4700 has a limited path traversal problem. Because the application does not properly filter the user-submitted input, a directory traversal attack (such as ../../) can be performed in SMB via symbolic links. NetGear WNDR4700 is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploits would allow an attacker to access files outside of the restricted directory to obtain sensitive information and perform other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1480",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndr4700",
"scope": "eq",
"trust": 1.9,
"vendor": "netgear",
"version": "1.0.0.34"
},
{
"model": "wndr4700",
"scope": "eq",
"trust": 0.8,
"vendor": "net gear",
"version": "1.0.0.34"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04047"
},
{
"db": "BID",
"id": "59307"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006940"
},
{
"db": "NVD",
"id": "CVE-2013-3073"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:wndr4700_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006940"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb of Independent Security Evaluators",
"sources": [
{
"db": "BID",
"id": "59307"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-500"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3073",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3073",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-04047",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2013-3073",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-3073",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3073",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2013-3073",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2013-04047",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-500",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04047"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006940"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-500"
},
{
"db": "NVD",
"id": "CVE-2013-3073"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34. NETGEAR Centria WNDR4700 The firmware contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The NetgearWNDR4700 is a wireless router device. The NetgearWNDR4700 has a limited path traversal problem. Because the application does not properly filter the user-submitted input, a directory traversal attack (such as ../../) can be performed in SMB via symbolic links. NetGear WNDR4700 is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. \nExploits would allow an attacker to access files outside of the restricted directory to obtain sensitive information and perform other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3073"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006940"
},
{
"db": "CNVD",
"id": "CNVD-2013-04047"
},
{
"db": "BID",
"id": "59307"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3073",
"trust": 3.3
},
{
"db": "BID",
"id": "59307",
"trust": 2.5
},
{
"db": "VULDB",
"id": "8471",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006940",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-04047",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201304-500",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04047"
},
{
"db": "BID",
"id": "59307"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006940"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-500"
},
{
"db": "NVD",
"id": "CVE-2013-3073"
}
]
},
"id": "VAR-201911-1480",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04047"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04047"
}
]
},
"last_update_date": "2024-08-14T14:50:56.699000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WNDR3700v4 Firmware Version 1.0.1.52 (Except China and Russia Only)",
"trust": 0.8,
"url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006940"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006940"
},
{
"db": "NVD",
"id": "CVE-2013-3073"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"trust": 1.6,
"url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
},
{
"trust": 1.6,
"url": "https://www.securityfocus.com/bid/59307"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/24413/wndr3700v4-firmware-version-1-0-1-52-except-china-and-russia-only"
},
{
"trust": 1.6,
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"trust": 1.6,
"url": "https://vuldb.com/?id.8471"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3073"
},
{
"trust": 0.9,
"url": "http://securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3073"
},
{
"trust": 0.6,
"url": "http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/"
},
{
"trust": 0.6,
"url": "http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp"
},
{
"trust": 0.3,
"url": "http://www.netgear.com"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/wndr4700#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04047"
},
{
"db": "BID",
"id": "59307"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006940"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-500"
},
{
"db": "NVD",
"id": "CVE-2013-3073"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-04047"
},
{
"db": "BID",
"id": "59307"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006940"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-500"
},
{
"db": "NVD",
"id": "CVE-2013-3073"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04047"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59307"
},
{
"date": "2019-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006940"
},
{
"date": "2013-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-500"
},
{
"date": "2019-11-14T18:15:11.467000",
"db": "NVD",
"id": "CVE-2013-3073"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04047"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59307"
},
{
"date": "2019-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006940"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-500"
},
{
"date": "2019-11-20T20:44:49.783000",
"db": "NVD",
"id": "CVE-2013-3073"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-500"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR Centria WNDR4700 Path traversal vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006940"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-500"
}
],
"trust": 0.6
}
}
var-202001-0884
Vulnerability from variot
NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. NetGear WNDR4700 Media Server An authentication vulnerability exists in the device firmware.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The NetgearWNDR4700 is a wireless router device. The NetgearWNDR4700 has an unidentified security vulnerability. After an attacker accesses the BRS_03B_haveBackupFile_fileRestore.html page, the administrator can access the administrator interface without a username or password. Netgear WNDR4700 routers are prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the restricted functionality of the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0884",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndr4700",
"scope": "eq",
"trust": 1.9,
"vendor": "netgear",
"version": "1.0.0.34"
},
{
"model": "wndr4700",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "wndr4700",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": "1.0.0.34"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04045"
},
{
"db": "BID",
"id": "59406"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007095"
},
{
"db": "NVD",
"id": "CVE-2013-3071"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb",
"sources": [
{
"db": "BID",
"id": "59406"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-132"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3071",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3071",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-04045",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2013-3071",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-3071",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3071",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2013-3071",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2013-04045",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04045"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007095"
},
{
"db": "NVD",
"id": "CVE-2013-3071"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. NetGear WNDR4700 Media Server An authentication vulnerability exists in the device firmware.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The NetgearWNDR4700 is a wireless router device. The NetgearWNDR4700 has an unidentified security vulnerability. After an attacker accesses the BRS_03B_haveBackupFile_fileRestore.html page, the administrator can access the administrator interface without a username or password. Netgear WNDR4700 routers are prone to a remote authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the restricted functionality of the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3071"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007095"
},
{
"db": "CNVD",
"id": "CNVD-2013-04045"
},
{
"db": "BID",
"id": "59406"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3071",
"trust": 3.3
},
{
"db": "BID",
"id": "59406",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007095",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-04045",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201305-132",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04045"
},
{
"db": "BID",
"id": "59406"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007095"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-132"
},
{
"db": "NVD",
"id": "CVE-2013-3071"
}
]
},
"id": "VAR-202001-0884",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04045"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04045"
}
]
},
"last_update_date": "2024-08-14T14:38:39.108000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WNDR4700\u00a0Firmware\u00a0Version\u00a01.0.0.52",
"trust": 0.8,
"url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007095"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Incorrect authentication (CWE-287) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007095"
},
{
"db": "NVD",
"id": "CVE-2013-3071"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.securityfocus.com/bid/59406"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3071"
},
{
"trust": 0.9,
"url": "http://securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp"
},
{
"trust": 0.6,
"url": "http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/"
},
{
"trust": 0.6,
"url": "http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/wndr4700#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04045"
},
{
"db": "BID",
"id": "59406"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007095"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-132"
},
{
"db": "NVD",
"id": "CVE-2013-3071"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-04045"
},
{
"db": "BID",
"id": "59406"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007095"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-132"
},
{
"db": "NVD",
"id": "CVE-2013-3071"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04045"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59406"
},
{
"date": "2020-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007095"
},
{
"date": "2013-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-132"
},
{
"date": "2020-01-28T21:15:11.437000",
"db": "NVD",
"id": "CVE-2013-3071"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04045"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59406"
},
{
"date": "2020-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007095"
},
{
"date": "2020-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-132"
},
{
"date": "2020-01-30T20:10:10.857000",
"db": "NVD",
"id": "CVE-2013-3071"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-132"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NetGear\u00a0WNDR4700\u00a0Media\u00a0Server\u00a0 Authentication vulnerability in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007095"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-132"
}
],
"trust": 0.6
}
}
var-201911-1483
Vulnerability from variot
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http:///apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. NETGEAR Centria WNDR4700 There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The NetgearWNDR4700 is a wireless router device. The NetgearWNDR4700 has an unidentified vulnerability that allows unauthenticated attackers to exploit the vulnerability to connect any hardware to the device. No detailed vulnerability details are currently available. Netgear WNDR4700 routers are prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. NetGear WNDR4700 routers running firmware 1.0.0.34 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1483",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndr4700",
"scope": "eq",
"trust": 1.9,
"vendor": "netgear",
"version": "1.0.0.34"
},
{
"model": "wndr4700",
"scope": "eq",
"trust": 0.8,
"vendor": "net gear",
"version": "1.0.0.34"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"db": "BID",
"id": "59304"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:wndr4700_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb",
"sources": [
{
"db": "BID",
"id": "59304"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-497"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3072",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3072",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CNVD-2013-04046",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2013-3072",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-3072",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3072",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2013-3072",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2013-04046",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-497",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-497"
},
{
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://\u003crouter_ip\u003e/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. NETGEAR Centria WNDR4700 There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The NetgearWNDR4700 is a wireless router device. The NetgearWNDR4700 has an unidentified vulnerability that allows unauthenticated attackers to exploit the vulnerability to connect any hardware to the device. No detailed vulnerability details are currently available. Netgear WNDR4700 routers are prone to a remote authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. \nNetGear WNDR4700 routers running firmware 1.0.0.34 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3072"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"db": "BID",
"id": "59304"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3072",
"trust": 3.3
},
{
"db": "BID",
"id": "59304",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006941",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-04046",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201304-497",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"db": "BID",
"id": "59304"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-497"
},
{
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"id": "VAR-201911-1483",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04046"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04046"
}
]
},
"last_update_date": "2024-08-14T15:02:04.318000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WNDR4700 Firmware Version 1.0.0.52",
"trust": 0.8,
"url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/23728/wndr4700-firmware-version-1-0-0-52"
},
{
"trust": 1.6,
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"trust": 1.6,
"url": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3072"
},
{
"trust": 0.9,
"url": "http://securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3072"
},
{
"trust": 0.6,
"url": "http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/"
},
{
"trust": 0.6,
"url": "http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/wndr4700#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"db": "BID",
"id": "59304"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-497"
},
{
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"db": "BID",
"id": "59304"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-497"
},
{
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59304"
},
{
"date": "2019-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"date": "2013-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-497"
},
{
"date": "2019-11-14T19:15:11.613000",
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59304"
},
{
"date": "2019-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-497"
},
{
"date": "2019-11-20T18:10:14.950000",
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-497"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR Centria WNDR4700 Firmware authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-497"
}
],
"trust": 0.6
}
}
var-201404-0101
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page. The NetgearWNDR4700 is a wireless router device. The NetgearWNDR4700 has a remote cross-site scripting attack that allows remote attackers to exploit exploits to build specially crafted URIs that trick users into parsing, gaining sensitive information or hijacking user sessions. NetGear WNDR4700 is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. NetGear WNDR4700 running firmware 1.0.0.34 is vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0101",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndr4700",
"scope": "eq",
"trust": 2.5,
"vendor": "netgear",
"version": "1.0.0.34"
},
{
"model": "wndr4700",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "wndr4700",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "wndr4700",
"scope": "eq",
"trust": 0.8,
"vendor": "net gear",
"version": "1.0.0.34"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04043"
},
{
"db": "BID",
"id": "59306"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006358"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-495"
},
{
"db": "NVD",
"id": "CVE-2013-3069"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:netgear:wndr4700",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndr4700_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006358"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb of Independent Security Evaluators",
"sources": [
{
"db": "BID",
"id": "59306"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-495"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3069",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2013-3069",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-04043",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-63071",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3069",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2013-3069",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2013-04043",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-495",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-63071",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04043"
},
{
"db": "VULHUB",
"id": "VHN-63071"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006358"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-495"
},
{
"db": "NVD",
"id": "CVE-2013-3069"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page. The NetgearWNDR4700 is a wireless router device. The NetgearWNDR4700 has a remote cross-site scripting attack that allows remote attackers to exploit exploits to build specially crafted URIs that trick users into parsing, gaining sensitive information or hijacking user sessions. NetGear WNDR4700 is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nNetGear WNDR4700 running firmware 1.0.0.34 is vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3069"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006358"
},
{
"db": "CNVD",
"id": "CNVD-2013-04043"
},
{
"db": "BID",
"id": "59306"
},
{
"db": "VULHUB",
"id": "VHN-63071"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3069",
"trust": 3.4
},
{
"db": "OSVDB",
"id": "92557",
"trust": 1.7
},
{
"db": "BID",
"id": "59306",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006358",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-495",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-04043",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-63071",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04043"
},
{
"db": "VULHUB",
"id": "VHN-63071"
},
{
"db": "BID",
"id": "59306"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006358"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-495"
},
{
"db": "NVD",
"id": "CVE-2013-3069"
}
]
},
"id": "VAR-201404-0101",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04043"
},
{
"db": "VULHUB",
"id": "VHN-63071"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04043"
}
]
},
"last_update_date": "2024-08-14T15:30:12.817000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WNDR4700 Firmware Version 1.0.0.52",
"trust": 0.8,
"url": "http://kb.netgear.com/app/answers/detail/a_id/23728/~/wndr4700-firmware-version-1.0.0.52"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006358"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63071"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006358"
},
{
"db": "NVD",
"id": "CVE-2013-3069"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf"
},
{
"trust": 1.7,
"url": "http://osvdb.org/92557"
},
{
"trust": 0.9,
"url": "http://securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3069"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3069"
},
{
"trust": 0.6,
"url": "http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/"
},
{
"trust": 0.6,
"url": "http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/59306"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/wndr4700#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04043"
},
{
"db": "VULHUB",
"id": "VHN-63071"
},
{
"db": "BID",
"id": "59306"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006358"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-495"
},
{
"db": "NVD",
"id": "CVE-2013-3069"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-04043"
},
{
"db": "VULHUB",
"id": "VHN-63071"
},
{
"db": "BID",
"id": "59306"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006358"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-495"
},
{
"db": "NVD",
"id": "CVE-2013-3069"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04043"
},
{
"date": "2014-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-63071"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59306"
},
{
"date": "2014-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006358"
},
{
"date": "2013-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-495"
},
{
"date": "2014-04-25T17:12:03.097000",
"db": "NVD",
"id": "CVE-2013-3069"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04043"
},
{
"date": "2014-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-63071"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59306"
},
{
"date": "2014-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006358"
},
{
"date": "2014-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-495"
},
{
"date": "2014-04-25T18:07:16.803000",
"db": "NVD",
"id": "CVE-2013-3069"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-495"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear WNDR4700 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04043"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-495"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-495"
}
],
"trust": 0.6
}
}
var-201701-0161
Vulnerability from variot
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. NETGEARWNR2000v5router is a popular router device. Netgear WNR2000 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. An information disclosure vulnerability 3. Failed exploit attempts will likely cause a denial-of-service condition. Netgear WNR2000 firmware version 5 is affected; other versions may also be affected
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "wnr2000v5",
"scope": null,
"trust": 1.6,
"vendor": "net gear",
"version": null
},
{
"_id": null,
"model": "wnr2000v3",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wndr4500v3",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wnr2000v5",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wnr2050",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wnr2000v4",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wndr4300",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wnr2500",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "d7800",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wnr1000v2",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "d6100",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "r7500v2",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "r2000",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wndr3700v4",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wnr614",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wndr3800",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wndr4700",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wnr1000v4",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "r6100",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "jnr3300",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "jwnr2010v5",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "r6220",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wnr2020",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wnr2200",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wndr4300v2",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wnr618",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "r7500",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "d7000",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "jnr1010v2",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "wnr2000",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "5"
},
{
"_id": null,
"model": "wnr2000v5",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "1.0.0.34"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01201"
},
{
"db": "BID",
"id": "95867"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007707"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-105"
},
{
"db": "NVD",
"id": "CVE-2016-10174"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:netgear:wnr2000v5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wnr2000v5_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007707"
}
]
},
"credits": {
"_id": null,
"data": "Pedro Ribeiro.",
"sources": [
{
"db": "BID",
"id": "95867"
}
],
"trust": 0.3
},
"cve": "CVE-2016-10174",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-10174",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-01201",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-88924",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-10174",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-10174",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10174",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-10174",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-01201",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-105",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-88924",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-10174",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01201"
},
{
"db": "VULHUB",
"id": "VHN-88924"
},
{
"db": "VULMON",
"id": "CVE-2016-10174"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007707"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-105"
},
{
"db": "NVD",
"id": "CVE-2016-10174"
}
]
},
"description": {
"_id": null,
"data": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. NETGEARWNR2000v5router is a popular router device. Netgear WNR2000 is prone to the following vulnerabilities:\n1. An authentication-bypass vulnerability\n2. An information disclosure vulnerability\n3. Failed exploit attempts will likely cause a denial-of-service condition. \nNetgear WNR2000 firmware version 5 is affected; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10174"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007707"
},
{
"db": "CNVD",
"id": "CNVD-2017-01201"
},
{
"db": "BID",
"id": "95867"
},
{
"db": "VULHUB",
"id": "VHN-88924"
},
{
"db": "VULMON",
"id": "CVE-2016-10174"
}
],
"trust": 2.61
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41719",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-88924",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88924"
},
{
"db": "VULMON",
"id": "CVE-2016-10174"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-10174",
"trust": 3.5
},
{
"db": "BID",
"id": "95867",
"trust": 2.7
},
{
"db": "EXPLOIT-DB",
"id": "40949",
"trust": 1.2
},
{
"db": "EXPLOIT-DB",
"id": "41719",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007707",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-105",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-01201",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "141806",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-88924",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-10174",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01201"
},
{
"db": "VULHUB",
"id": "VHN-88924"
},
{
"db": "VULMON",
"id": "CVE-2016-10174"
},
{
"db": "BID",
"id": "95867"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007707"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-105"
},
{
"db": "NVD",
"id": "CVE-2016-10174"
}
]
},
"id": "VAR-201701-0161",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01201"
},
{
"db": "VULHUB",
"id": "VHN-88924"
}
],
"trust": 1.349292958888889
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01201"
}
]
},
"last_update_date": "2024-11-23T21:42:11.569000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Insecure Remote Access and Command Execution Security Vulnerability, PSV-2016-0255",
"trust": 0.8,
"url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
},
{
"title": "NETGEARWNR2000v5routerhidden_lang_avi patch overflow vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/89178"
},
{
"title": "NETGEAR WNR2000v5 Repair measures for router buffer error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67476"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-patch-seven-security-flaws-affecting-their-routers/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01201"
},
{
"db": "VULMON",
"id": "CVE-2016-10174"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007707"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-105"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88924"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007707"
},
{
"db": "NVD",
"id": "CVE-2016-10174"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "https://raw.githubusercontent.com/pedrib/poc/master/advisories/netgear-wnr2000.txt"
},
{
"trust": 2.4,
"url": "http://kb.netgear.com/000036549/insecure-remote-access-and-command-execution-security-vulnerability"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/95867"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2016/dec/72"
},
{
"trust": 1.3,
"url": "https://www.exploit-db.com/exploits/41719/"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/40949/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10174"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10174"
},
{
"trust": 0.3,
"url": "http://www.netgear.com"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2017/jan/88"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/linux/http/netgear_wnr2000_rce"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01201"
},
{
"db": "VULHUB",
"id": "VHN-88924"
},
{
"db": "VULMON",
"id": "CVE-2016-10174"
},
{
"db": "BID",
"id": "95867"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007707"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-105"
},
{
"db": "NVD",
"id": "CVE-2016-10174"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-01201",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-88924",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2016-10174",
"ident": null
},
{
"db": "BID",
"id": "95867",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007707",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201702-105",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-10174",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01201",
"ident": null
},
{
"date": "2017-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-88924",
"ident": null
},
{
"date": "2017-01-30T00:00:00",
"db": "VULMON",
"id": "CVE-2016-10174",
"ident": null
},
{
"date": "2017-01-30T00:00:00",
"db": "BID",
"id": "95867",
"ident": null
},
{
"date": "2017-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007707",
"ident": null
},
{
"date": "2017-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-105",
"ident": null
},
{
"date": "2017-01-30T04:59:00.157000",
"db": "NVD",
"id": "CVE-2016-10174",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01201",
"ident": null
},
{
"date": "2017-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-88924",
"ident": null
},
{
"date": "2017-09-03T00:00:00",
"db": "VULMON",
"id": "CVE-2016-10174",
"ident": null
},
{
"date": "2017-02-02T01:03:00",
"db": "BID",
"id": "95867",
"ident": null
},
{
"date": "2017-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007707",
"ident": null
},
{
"date": "2017-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-105",
"ident": null
},
{
"date": "2024-11-21T02:43:28.730000",
"db": "NVD",
"id": "CVE-2016-10174",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-105"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "NETGEAR WNR2000v5 Router buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007707"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-105"
}
],
"trust": 0.6
}
}
var-201409-0058
Vulnerability from variot
Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/. The Netgear WNDR4700 is a wireless router device. No detailed vulnerability details are currently available. NetGear WNDR4700 is prone to an unspecified information-disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0058",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ea6500",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.1.28.147876"
},
{
"model": "ea6500",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": null
},
{
"model": "ea6500",
"scope": null,
"trust": 0.8,
"vendor": "cisco linksys",
"version": null
},
{
"model": "ea6500",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "1.1.28.147876"
},
{
"model": "wndr4700",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr4700",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04042"
},
{
"db": "BID",
"id": "59305"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006648"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-496"
},
{
"db": "NVD",
"id": "CVE-2013-3066"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:linksys:ea6500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:linksys:ea6500_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006648"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb",
"sources": [
{
"db": "BID",
"id": "59305"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-496"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3066",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-3066",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-04042",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-63068",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3066",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-3066",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-04042",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-496",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-63068",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2013-3066",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04042"
},
{
"db": "VULHUB",
"id": "VHN-63068"
},
{
"db": "VULMON",
"id": "CVE-2013-3066"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006648"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-496"
},
{
"db": "NVD",
"id": "CVE-2013-3066"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/. The Netgear WNDR4700 is a wireless router device. No detailed vulnerability details are currently available. NetGear WNDR4700 is prone to an unspecified information-disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3066"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006648"
},
{
"db": "CNVD",
"id": "CNVD-2013-04042"
},
{
"db": "BID",
"id": "59305"
},
{
"db": "VULHUB",
"id": "VHN-63068"
},
{
"db": "VULMON",
"id": "CVE-2013-3066"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3066",
"trust": 3.5
},
{
"db": "BID",
"id": "59305",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006648",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-496",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-04042",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-63068",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-3066",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04042"
},
{
"db": "VULHUB",
"id": "VHN-63068"
},
{
"db": "VULMON",
"id": "CVE-2013-3066"
},
{
"db": "BID",
"id": "59305"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006648"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-496"
},
{
"db": "NVD",
"id": "CVE-2013-3066"
}
]
},
"id": "VAR-201409-0058",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04042"
},
{
"db": "VULHUB",
"id": "VHN-63068"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04042"
}
]
},
"last_update_date": "2024-08-14T14:58:09.751000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linksys Home Networking",
"trust": 0.8,
"url": "http://www.linksys.com/en-apac/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006648"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63068"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006648"
},
{
"db": "NVD",
"id": "CVE-2013-3066"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php"
},
{
"trust": 1.8,
"url": "http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3066"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3066"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/59305"
},
{
"trust": 0.6,
"url": "http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/"
},
{
"trust": 0.6,
"url": "http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp"
},
{
"trust": 0.6,
"url": "http://securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/wndr4700#"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04042"
},
{
"db": "VULHUB",
"id": "VHN-63068"
},
{
"db": "VULMON",
"id": "CVE-2013-3066"
},
{
"db": "BID",
"id": "59305"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006648"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-496"
},
{
"db": "NVD",
"id": "CVE-2013-3066"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-04042"
},
{
"db": "VULHUB",
"id": "VHN-63068"
},
{
"db": "VULMON",
"id": "CVE-2013-3066"
},
{
"db": "BID",
"id": "59305"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006648"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-496"
},
{
"db": "NVD",
"id": "CVE-2013-3066"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04042"
},
{
"date": "2014-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-63068"
},
{
"date": "2014-09-29T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3066"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59305"
},
{
"date": "2014-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006648"
},
{
"date": "2013-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-496"
},
{
"date": "2014-09-29T22:55:08.237000",
"db": "NVD",
"id": "CVE-2013-3066"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04042"
},
{
"date": "2014-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-63068"
},
{
"date": "2014-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3066"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59305"
},
{
"date": "2014-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006648"
},
{
"date": "2014-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-496"
},
{
"date": "2014-09-30T18:25:30.117000",
"db": "NVD",
"id": "CVE-2013-3066"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-496"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys EA6500 Vulnerability in which important information is obtained in the firmware of",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006648"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-496"
}
],
"trust": 0.6
}
}