cvelistv5 - CVE-2016-5649

CVE-2016-5649

Vulnerability from cvelistv5

Published

2018-07-24 15:00

Modified

2024-08-06 01:08

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html	Exploit, Third Party Advisory, VDB Entry
cret@cert.org	https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html	Third Party Advisory, VDB Entry

Impacted products

Vendor

Product

Version

▼

Netgear

DGN2200

Version: DGN2200-V1.0.0.50_7.0.50

Netgear

DGND3700

Version: DGND3700-V1.0.0.17_1.0.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:08:00.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DGN2200",
          "vendor": "Netgear",
          "versions": [
            {
              "status": "affected",
              "version": "DGN2200-V1.0.0.50_7.0.50"
            }
          ]
        },
        {
          "product": "DGND3700",
          "vendor": "Netgear",
          "versions": [
            {
              "status": "affected",
              "version": "DGND3700-V1.0.0.17_1.0.17"
            }
          ]
        }
      ],
      "datePublic": "2017-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-30T17:06:08",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Netgear has released firmware version 1.0.0.52 for DGN2200 \u0026 1.0.0.28 for DGND3700 to address this issue."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Netgear DGN2200 and DGND3700 disclose the administrator password",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5649",
          "STATE": "PUBLIC",
          "TITLE": "Netgear DGN2200 and DGND3700 disclose the administrator password"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DGN2200",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "DGN2200-V1.0.0.50_7.0.50",
                            "version_value": "DGN2200-V1.0.0.50_7.0.50"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "DGND3700",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "DGND3700-V1.0.0.17_1.0.17",
                            "version_value": "DGND3700-V1.0.0.17_1.0.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Netgear"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Netgear has released firmware version 1.0.0.52 for DGN2200 \u0026 1.0.0.28 for DGND3700 to address this issue."
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-5649",
    "datePublished": "2018-07-24T15:00:00",
    "dateReserved": "2016-06-16T00:00:00",
    "dateUpdated": "2024-08-06T01:08:00.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-5649\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-07-24T15:29:00.280\",\"lastModified\":\"2024-11-21T02:54:45.767\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface.\"},{\"lang\":\"es\",\"value\":\"Hay una vulnerabilidad en la p\u00e1gina \\\"BSW_cxttongr.htm\\\" de Netgear DGN2200, en su versi\u00f3n DGN2200-V1.0.0.50_7.0.50 y DGND3700, en su versi\u00f3n DGND3700-V1.0.0.17_1.0.17, que puede permitir que un atacante remoto acceda a esta p\u00e1gina sin ning\u00fan tipo de autenticaci\u00f3n. Al procesarse, expone la contrase\u00f1a de administrador en texto claro antes de que se redirija a absw_vfysucc.cgia. Un atacante puede emplear esta contrase\u00f1a para obtener acceso de administrador a la interfaz web del router objetivo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.50_7.0.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80499893-9115-49DD-95B9-86FB0DCBA8B7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37C89394-ED7D-4C5F-9573-47A0378E22C8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:dgnd3700_firmware:1.0.0.17_1.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EDC70D5-1652-4EBD-9ADE-83B3B5AD6861\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEC17F51-BDB8-4B30-B5E9-557CBDFDE785\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface. Netgear DGN2200 and DGND3700 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The NETGEAR DGN2200 is a wireless router product from NETGEAR.

Affected Models: Netgear DGN2200 running firmware version DGN2200-V1.0.0.50_7.0.50 Netgear DGND3700 running firmware version DGND3700-V1.0.0.17_1.0.17

Solution: Netgear has released firmware version 1.0.0.52 for DGN2200 & 1.0.0.28 for DGND3700 to address this issue

SSID & wireless key Disclosure (CVE-2016-5638) There are few web pages associated with the genie app. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text.

Affected Models: Netgear WNDR4500 running firmware version V1.0.1.40_1.0.68

Solution: WNDR4500v1 has reached the End of Life so Netgear wonat be releasing any updates for this.

History

23.06.2016 - Initial contact to Netgear 24.06.2016 - Reported all details to Netgear 01.07.2016 - Email sent to Netgear asking for status update, no response 14.07.2016 - Email sent to Netgear asking for status update, no response 26.07.2016 - Netgear confirms findings 31.08.2016 - Email sent to Netgear asking for status update 02.09.2016 - Received reply from Netgear that they will be releasing a fix for this 23.12.2016 - Netgear informs that vulnerability has been fixed in the new version

Thanks,

Mandar

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0040",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dgnd3700",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netgear",
        "version": "1.0.0.17_1.0.17"
      },
      {
        "model": "dgn2200",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netgear",
        "version": "1.0.0.50_7.0.50"
      },
      {
        "model": "dgn2200",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "net gear",
        "version": "v1.0.0.50_7.0.50"
      },
      {
        "model": "dgnd3700",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "net gear",
        "version": "v1.0.0.17_1.0.17"
      },
      {
        "model": "dgn2200 1.0.0.50 7.0.50",
        "scope": null,
        "trust": 0.6,
        "vendor": "netgear",
        "version": null
      },
      {
        "model": "dgnd3700 1.0.0.17 1.0.17",
        "scope": null,
        "trust": 0.6,
        "vendor": "netgear",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:netgear:dgn2200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:netgear:dgnd3700_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Social Engineering Neo",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-5649",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-5649",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-17646",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-94468",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-5649",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-5649",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-5649",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-17646",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-1808",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-94468",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-5649",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface. Netgear DGN2200 and DGND3700 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The NETGEAR DGN2200 is a wireless router product from NETGEAR. \n\nAffected Models:\nNetgear DGN2200 running firmware version DGN2200-V1.0.0.50_7.0.50\nNetgear DGND3700 running firmware version DGND3700-V1.0.0.17_1.0.17\n\nSolution:\nNetgear has released firmware version 1.0.0.52 for DGN2200 \u0026 1.0.0.28 for\nDGND3700 to address this issue\n\n2. SSID \u0026 wireless key Disclosure (CVE-2016-5638)\nThere are few web pages associated with the genie app. Genie app adds some\ncapabilities over the Web GUI and can be accessed even when you are away\nfrom home. Once accessed, the page\nwill be redirected to the aCongratulations2.htma page, which reveals some\nsensitive information such as 2.4GHz \u0026 5GHz Wireless Network Name (SSID)\nand Network Key (Password) in clear text. \n\nAffected Models:\nNetgear WNDR4500 running firmware version V1.0.1.40_1.0.68\n\nSolution:\nWNDR4500v1 has reached the End of Life so Netgear wonat be releasing any\nupdates for this. \n\n## History\n\n23.06.2016 - Initial contact to Netgear\n24.06.2016 - Reported all details to Netgear\n01.07.2016 - Email sent to Netgear asking for status update, no response\n14.07.2016 - Email sent to Netgear asking for status update, no response\n26.07.2016 - Netgear confirms findings\n31.08.2016 - Email sent to Netgear asking for status update\n02.09.2016 - Received reply from Netgear that they will be releasing a fix\nfor this\n23.12.2016 - Netgear informs that vulnerability has been fixed in the new\nversion\n\n\nThanks,\n\nMandar\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5649"
      },
      {
        "db": "PACKETSTORM",
        "id": "140342"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-5649",
        "trust": 3.3
      },
      {
        "db": "PACKETSTORM",
        "id": "140342",
        "trust": 3.3
      },
      {
        "db": "PACKETSTORM",
        "id": "152675",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-94468",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5649",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "PACKETSTORM",
        "id": "140342"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      }
    ]
  },
  "id": "VAR-201807-0040",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94468"
      }
    ],
    "trust": 1.437701455
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:26:17.944000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.netgear.com/"
      },
      {
        "title": "Patch for Netgear DGN2200 Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/138891"
      },
      {
        "title": "Netgear DGN2200 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82592"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-319",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://packetstormsecurity.com/files/140342/netgear-dgn2200-dgnd3700-wndr4500-information-disclosure.html"
      },
      {
        "trust": 2.5,
        "url": "http://packetstormsecurity.com/files/152675/netgear-dgn2200-dgnd3700-admin-password-disclosure.html"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5649"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5649"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5638"
      },
      {
        "trust": 0.1,
        "url": "https://www.netgear.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "PACKETSTORM",
        "id": "140342"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "PACKETSTORM",
        "id": "140342"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "date": "2018-07-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "date": "2018-07-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5649"
      },
      {
        "date": "2018-10-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "date": "2017-01-03T10:11:11",
        "db": "PACKETSTORM",
        "id": "140342"
      },
      {
        "date": "2018-07-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      },
      {
        "date": "2018-07-24T15:29:00.280000",
        "db": "NVD",
        "id": "CVE-2016-5649"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5649"
      },
      {
        "date": "2018-10-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      },
      {
        "date": "2024-11-21T02:54:45.767000",
        "db": "NVD",
        "id": "CVE-2016-5649"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Netgear DGN2200 and  DGND3700 Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ],
    "trust": 0.6
  }
}

gsd-2016-5649

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-5649

Aliases

CVE-2016-5649

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-5649",
    "description": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface.",
    "id": "GSD-2016-5649",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2016-5649"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-5649"
      ],
      "details": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface.",
      "id": "GSD-2016-5649",
      "modified": "2023-12-13T01:21:25.818037Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2016-5649",
        "STATE": "PUBLIC",
        "TITLE": "Netgear DGN2200 and DGND3700 disclose the administrator password"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "DGN2200",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_name": "DGN2200-V1.0.0.50_7.0.50",
                          "version_value": "DGN2200-V1.0.0.50_7.0.50"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "DGND3700",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_name": "DGND3700-V1.0.0.17_1.0.17",
                          "version_value": "DGND3700-V1.0.0.17_1.0.17"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Netgear"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-319"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html",
            "refsource": "MISC",
            "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "Netgear has released firmware version 1.0.0.52 for DGN2200 \u0026 1.0.0.28 for DGND3700 to address this issue."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.50_7.0.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:dgnd3700_firmware:1.0.0.17_1.0.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5649"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:18Z",
      "publishedDate": "2018-07-24T15:29Z"
    }
  }
}

ghsa-xgqp-24fp-7v85

Vulnerability from github

Published

2022-05-13 01:38

Modified

2022-05-13 01:38

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-5649"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-24T15:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface.",
  "id": "GHSA-xgqp-24fp-7v85",
  "modified": "2022-05-13T01:38:47Z",
  "published": "2022-05-13T01:38:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5649"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2016-5649

Vulnerability from fkie_nvd

Published

2018-07-24 15:29

Modified

2024-11-21 02:54

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cret@cert.org	http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html	Exploit, Third Party Advisory, VDB Entry
cret@cert.org	https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
netgear	dgn2200_firmware	1.0.0.50_7.0.50
netgear	dgn2200	-
netgear	dgnd3700_firmware	1.0.0.17_1.0.17
netgear	dgnd3700	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.50_7.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "80499893-9115-49DD-95B9-86FB0DCBA8B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C89394-ED7D-4C5F-9573-47A0378E22C8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:dgnd3700_firmware:1.0.0.17_1.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EDC70D5-1652-4EBD-9ADE-83B3B5AD6861",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEC17F51-BDB8-4B30-B5E9-557CBDFDE785",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface."
    },
    {
      "lang": "es",
      "value": "Hay una vulnerabilidad en la p\u00e1gina \"BSW_cxttongr.htm\" de Netgear DGN2200, en su versi\u00f3n DGN2200-V1.0.0.50_7.0.50 y DGND3700, en su versi\u00f3n DGND3700-V1.0.0.17_1.0.17, que puede permitir que un atacante remoto acceda a esta p\u00e1gina sin ning\u00fan tipo de autenticaci\u00f3n. Al procesarse, expone la contrase\u00f1a de administrador en texto claro antes de que se redirija a absw_vfysucc.cgia. Un atacante puede emplear esta contrase\u00f1a para obtener acceso de administrador a la interfaz web del router objetivo."
    }
  ],
  "id": "CVE-2016-5649",
  "lastModified": "2024-11-21T02:54:45.767",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-24T15:29:00.280",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-5649

Vulnerability from cvelistv5

var-201807-0040

Vulnerability from variot

History

gsd-2016-5649

Vulnerability from gsd

ghsa-xgqp-24fp-7v85

Vulnerability from github

fkie_cve-2016-5649

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature