Vulnerabilites related to netgear - wnr500
Vulnerability from fkie_nvd
Published
2020-04-28 16:15
Modified
2024-11-21 02:45
Severity ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | cm400_firmware | * | |
| netgear | cm400 | - | |
| netgear | cm600_firmware | * | |
| netgear | cm600 | - | |
| netgear | d1500_firmware | * | |
| netgear | d1500 | - | |
| netgear | d500_firmware | * | |
| netgear | d500 | - | |
| netgear | dst6501_firmware | * | |
| netgear | dst6501 | - | |
| netgear | jnr1010_firmware | * | |
| netgear | jnr1010 | v1 | |
| netgear | jwnr2000t_firmware | * | |
| netgear | jwnr2000t | v3 | |
| netgear | jwnr2010_firmware | * | |
| netgear | jwnr2010 | v3 | |
| netgear | plw1000_firmware | * | |
| netgear | plw1000 | - | |
| netgear | plw1010_firmware | * | |
| netgear | plw1010 | - | |
| netgear | wnr500_firmware | * | |
| netgear | wnr500 | - | |
| netgear | wnr612_firmware | * | |
| netgear | wnr612 | v3 | |
| netgear | n450_cg3000d_firmware | * | |
| netgear | n450_cg3000d | v2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cm400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06C1BEEA-AB9E-4BC8-B702-E004FD37B5A2",
"versionEndExcluding": "2017-01-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cm400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC8E42B-BF1A-47D5-A01F-F1063897D04A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:cm600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34B5F803-B95A-4912-8269-50AFDFDC2869",
"versionEndExcluding": "2017-01-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cm600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3EE3F30-5C36-45E1-ACAF-6E73F95C5421",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46CB4027-059B-4C3D-B1AB-302FA2C4DB43",
"versionEndExcluding": "1.0.0.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78DC8809-C26D-48D8-9E12-228C3669B824",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04D0E6DA-A492-42CC-8DB7-6901377DA411",
"versionEndExcluding": "2017-01-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE070E3-C0B1-455F-83A9-5C60C489816F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:dst6501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF818C21-36D6-4558-BD30-780333D8CD5C",
"versionEndExcluding": "1.0.0.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:dst6501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "909AF8E7-A2CB-4CB0-A795-FEFBB53D95B9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1750A68A-8DD6-4AD1-9421-2F12F0DD823E",
"versionEndExcluding": "2017-01-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jnr1010:v1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4196FE8-4491-442C-96A0-23495165D3B9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jwnr2000t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E17493-1A3B-4ECE-88AF-5BEF18148464",
"versionEndExcluding": "2017-01-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jwnr2000t:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "62F0E255-EA38-470E-8593-129109C93894",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8759B9-24ED-4DCA-BBF0-B3233F175359",
"versionEndExcluding": "2017-01-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jwnr2010:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "93CD048A-2600-4429-A8EF-285CB514BDF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:plw1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CCAD9C5-DAC1-459E-B012-8E908B423FCC",
"versionEndExcluding": "1.0.0.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:plw1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40BDFBA8-20A4-48BB-BB53-5F395432B4A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:plw1010_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA6EEC0-E95B-47F0-85AE-46DB9D72BE1A",
"versionEndExcluding": "2017-01-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:plw1010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48BEE862-6CDE-44B2-B935-895F63DEDFE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "831419B7-507C-4475-91D1-0F194AE58E7F",
"versionEndExcluding": "2017-01-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543C098D-DD55-459D-A44F-80264FB93755",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr612_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E82592CD-8015-439E-9671-158A6A0F6A74",
"versionEndExcluding": "2017-01-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr612:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B259EC-658D-4E52-8184-3E7881C693FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:n450_cg3000d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9210B9F7-C246-43BC-B024-B2335FFCC513",
"versionEndExcluding": "2017-01-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:n450_cg3000d:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A285B76-7510-4D91-9AD3-CEB410384216",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11."
},
{
"lang": "es",
"value": "Determinados dispositivos de NETGEAR est\u00e1n afectados por una vulnerabilidad de tipo CSRF. Esto afecta a CM400 antes del 11-01-2017, CM600 antes del 11-01-2017, D1500 antes del 11-01-2017, D500 antes del 11-01-2017, DST6501 antes del 11-01-2017, JNR1010v1 antes del 11-01-2017, JWNR2000Tv3 antes del 11-01-2017, JWNR2010v3 antes del 11-01-2017, PLW1000 antes del 11-01-2017, PLW1010 antes del 11-01-2017, WNR500 antes del 11-01-2017, WNR612v3 antes del 11-01-2017, N450 antes del 11-01-2017, y CG3000Dv2 antes del 11-01-2017."
}
],
"id": "CVE-2016-11055",
"lastModified": "2024-11-21T02:45:23.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T16:15:12.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/30114/NETGEAR-Product-Vulnerability-Advisory-CSRF-LocalFile-XSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/30114/NETGEAR-Product-Vulnerability-Advisory-CSRF-LocalFile-XSS"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2016-11055
Vulnerability from cvelistv5
Published
2020-04-28 15:59
Modified
2024-08-06 03:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/30114/NETGEAR-Product-Vulnerability-Advisory-CSRF-LocalFile-XSS | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:34.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/30114/NETGEAR-Product-Vulnerability-Advisory-CSRF-LocalFile-XSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T15:59:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/30114/NETGEAR-Product-Vulnerability-Advisory-CSRF-LocalFile-XSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-11055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/30114/NETGEAR-Product-Vulnerability-Advisory-CSRF-LocalFile-XSS",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/30114/NETGEAR-Product-Vulnerability-Advisory-CSRF-LocalFile-XSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-11055",
"datePublished": "2020-04-28T15:59:19",
"dateReserved": "2020-04-27T00:00:00",
"dateUpdated": "2024-08-06T03:47:34.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202004-1258
Vulnerability from variot
Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information may be tampered with. NETGEAR JNR1010, etc. NETGEAR JNR1010 is a wireless router. NETGEAR PLW1000 is a power line communication modem. NETGEAR CM400 is a modem. An attacker can use a special script to use this vulnerability to log in to the victim's route and change the settings. This affects CM400 prior to 2017-01-11, CM600 prior to 2017-01-11, D1500 prior to 2017-01-11, D500 prior to 2017-01-11, DST6501 prior to 2017-01-11, JNR1010v1 prior to 2017-01-11, JWNR2000Tv3 prior to 2017-01-11, JWNR2010v3 prior to 2017-01-11, PLW1000 prior to 2017-01-11, PLW1010 prior to 2017-01-11, WNR500 prior to 2017-01-11, WNR612v3 prior to 2017-01-11, N450 prior to 2017-01-11, and CG3000Dv2 prior to 2017-01-11
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1258",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cm400",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2017-01-11"
},
{
"model": "cm600",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2017-01-11"
},
{
"model": "d1500",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.0.20"
},
{
"model": "d500",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2017-01-11"
},
{
"model": "dst6501",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.0.36"
},
{
"model": "jwnr2010",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2017-01-11"
},
{
"model": "plw1000",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.0.22"
},
{
"model": "plw1010",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2017-01-11"
},
{
"model": "wnr500",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2017-01-11"
},
{
"model": "n450 cg3000d",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2017-01-11"
},
{
"model": "jwnr2000t",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-01-11"
},
{
"model": "wnr612",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-01-11"
},
{
"model": "jnr1010",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-01-11"
},
{
"model": "cm400",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/11"
},
{
"model": "cm600",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/11"
},
{
"model": "d1500",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.0.20"
},
{
"model": "d500",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/11"
},
{
"model": "dst6501",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.0.36"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/11"
},
{
"model": "jwnr2000t",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/11"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/11"
},
{
"model": "plw1000",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.0.22"
},
{
"model": "plw1010",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/11"
},
{
"model": "jnr1010v1",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2017-01-11"
},
{
"model": "jwnr2000tv3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2017-01-11"
},
{
"model": "wnr612v3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2017-01-11"
},
{
"model": "n450 cg3000dv2",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "jnr1010v1",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "jwnr2000tv3",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "d500",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.0.0.25"
},
{
"model": "d500",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.0.0.27"
},
{
"model": "d500",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.0.0.32"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.42"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.44"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.46"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.48"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.50"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.54"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.42"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.44"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.46"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.48"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.50"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.54"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "plw1000",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.0.0.14"
},
{
"model": "plw1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.0.0.14"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28011"
},
{
"db": "VULMON",
"id": "CVE-2016-11055"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004888"
},
{
"db": "NVD",
"id": "CVE-2016-11055"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:cm400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:cm600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:d1500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:d500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:dst6501_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:jnr1010_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:jwnr2000t_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:jwnr2010_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:plw1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:plw1010_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004888"
}
]
},
"cve": "CVE-2016-11055",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-11055",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-004888",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-28011",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2016-11055",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-004888",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-11055",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-004888",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-28011",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2258",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-11055",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28011"
},
{
"db": "VULMON",
"id": "CVE-2016-11055"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004888"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2258"
},
{
"db": "NVD",
"id": "CVE-2016-11055"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information may be tampered with. NETGEAR JNR1010, etc. NETGEAR JNR1010 is a wireless router. NETGEAR PLW1000 is a power line communication modem. NETGEAR CM400 is a modem. An attacker can use a special script to use this vulnerability to log in to the victim\u0027s route and change the settings. This affects CM400 prior to 2017-01-11, CM600 prior to 2017-01-11, D1500 prior to 2017-01-11, D500 prior to 2017-01-11, DST6501 prior to 2017-01-11, JNR1010v1 prior to 2017-01-11, JWNR2000Tv3 prior to 2017-01-11, JWNR2010v3 prior to 2017-01-11, PLW1000 prior to 2017-01-11, PLW1010 prior to 2017-01-11, WNR500 prior to 2017-01-11, WNR612v3 prior to 2017-01-11, N450 prior to 2017-01-11, and CG3000Dv2 prior to 2017-01-11",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-11055"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004888"
},
{
"db": "CNVD",
"id": "CNVD-2021-28011"
},
{
"db": "VULMON",
"id": "CVE-2016-11055"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-11055",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004888",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-28011",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2258",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-11055",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28011"
},
{
"db": "VULMON",
"id": "CVE-2016-11055"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004888"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2258"
},
{
"db": "NVD",
"id": "CVE-2016-11055"
}
]
},
"id": "VAR-202004-1258",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28011"
}
],
"trust": 1.274117252307692
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28011"
}
]
},
"last_update_date": "2024-11-23T22:25:32.751000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NETGEAR Product Vulnerability Advisory: CSRF / LocalFile / XSS",
"trust": 0.8,
"url": "https://kb.netgear.com/30114/NETGEAR-Product-Vulnerability-Advisory-CSRF-LocalFile-XSS"
},
{
"title": "Patch for Cross-site request forgery vulnerabilities in multiple NETGEAR products (CNVD-2021-28011)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/257961"
},
{
"title": "Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117738"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28011"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004888"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2258"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004888"
},
{
"db": "NVD",
"id": "CVE-2016-11055"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-11055"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/30114/netgear-product-vulnerability-advisory-csrf-localfile-xss"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-11055"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28011"
},
{
"db": "VULMON",
"id": "CVE-2016-11055"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004888"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2258"
},
{
"db": "NVD",
"id": "CVE-2016-11055"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-28011"
},
{
"db": "VULMON",
"id": "CVE-2016-11055"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004888"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2258"
},
{
"db": "NVD",
"id": "CVE-2016-11055"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-28011"
},
{
"date": "2020-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-11055"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004888"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2258"
},
{
"date": "2020-04-28T16:15:12.497000",
"db": "NVD",
"id": "CVE-2016-11055"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-28011"
},
{
"date": "2020-05-05T00:00:00",
"db": "VULMON",
"id": "CVE-2016-11055"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004888"
},
{
"date": "2020-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2258"
},
{
"date": "2024-11-21T02:45:23.633000",
"db": "NVD",
"id": "CVE-2016-11055"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2258"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Cross-site request forgery vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004888"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2258"
}
],
"trust": 0.6
}
}
var-201411-0508
Vulnerability from variot
Netgear WNR500 is a wireless router product from NetGear. A local file inclusion vulnerability exists in the Netgear WNR500 Router, which is caused by the program's insufficient filtering of user-submitted input. An attacker could use this vulnerability to obtain sensitive information and execute arbitrary local scripts to control applications and computers. Vulnerabilities in Netgear WNR500 using firmware version 1.0.7.2, other versions may also be affected. This could allow the attacker to compromise the application and the computer; other attacks are also possible. It is a simple, secure way to share yourInternet connection and allows you to easily surf the Internet, use email,and have online chats. The quick, CD-less setup can be done through a webbrowser. The small, efficient design fits perfectly into your home.The router suffers from an authenticated file inclusion vulnerability(LFI) when input passed thru the 'getpage' parameter to 'webproc' script isnot properly verified before being used to include files. This can be exploitedto include files from local resources with directory traversal attacks.Tested on: mini_httpd/1.19 19dec2003
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0508",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wnr500",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.0.7.2"
},
{
"model": "wireless router wnr",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "wnr500 (firmware: 1.0.7.2)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5208"
},
{
"db": "BID",
"id": "70050"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gjoko Krstic",
"sources": [
{
"db": "BID",
"id": "70050"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-463"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [],
"severity": [
{
"author": "ZSL",
"id": "ZSL-2014-5208",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5208"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear WNR500 is a wireless router product from NetGear. \nA local file inclusion vulnerability exists in the Netgear WNR500 Router, which is caused by the program\u0027s insufficient filtering of user-submitted input. An attacker could use this vulnerability to obtain sensitive information and execute arbitrary local scripts to control applications and computers. Vulnerabilities in Netgear WNR500 using firmware version 1.0.7.2, other versions may also be affected. This could allow the attacker to compromise the application and the computer; other attacks are also possible. It is a simple, secure way to share yourInternet connection and allows you to easily surf the Internet, use email,and have online chats. The quick, CD-less setup can be done through a webbrowser. The small, efficient design fits perfectly into your home.The router suffers from an authenticated file inclusion vulnerability(LFI) when input passed thru the \u0027getpage\u0027 parameter to \u0027webproc\u0027 script isnot properly verified before being used to include files. This can be exploitedto include files from local resources with directory traversal attacks.Tested on: mini_httpd/1.19 19dec2003",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-463"
},
{
"db": "BID",
"id": "70050"
},
{
"db": "ZSL",
"id": "ZSL-2014-5208"
}
],
"trust": 0.9
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/netgearwnr500_lfi.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5208"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "70050",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201411-463",
"trust": 0.6
},
{
"db": "ZSL",
"id": "ZSL-2014-5208",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "129223",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2014110148",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "35325",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "114967",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5208"
},
{
"db": "BID",
"id": "70050"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-463"
}
]
},
"id": "VAR-201411-0508",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2022-10-19T22:35:26.185000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/70050"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/support_main.asp"
},
{
"trust": 0.3,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2014-5208.php"
},
{
"trust": 0.1,
"url": "http://cxsecurity.com/issue/wlb-2014110148"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/129223"
},
{
"trust": 0.1,
"url": "http://www.exploit-db.com/exploits/35325/"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/114967"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5208"
},
{
"db": "BID",
"id": "70050"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-463"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2014-5208"
},
{
"db": "BID",
"id": "70050"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-463"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-21T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5208"
},
{
"date": "2014-11-21T00:00:00",
"db": "BID",
"id": "70050"
},
{
"date": "2014-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-463"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-25T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5208"
},
{
"date": "2014-11-21T00:00:00",
"db": "BID",
"id": "70050"
},
{
"date": "2014-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-463"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-463"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear WNR500 Router \u2018 webproc \u0027Local file contains vulnerabilities",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-463"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-463"
}
],
"trust": 0.6
}
}