var-201807-0039
Vulnerability from variot
There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text. Netgear WNDR4500 Firmware contains an information disclosure vulnerability.Information may be obtained. The NetgearWNDR4500 is a wireless router product from NetGear. # Title: Netgear DGN2200, DGND3700 and WNDR4500 Multiple Information Disclosure Vulnerabilities
Author: Mandar jadhav
Vendor Homepage: https://www.netgear.com/
CVE's : CVE-2016-5649, CVE-2016-5638
- When processed, it exposes adminas password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access of the targeted routeras web interface.
History
23.06.2016 - Initial contact to Netgear 24.06.2016 - Reported all details to Netgear 01.07.2016 - Email sent to Netgear asking for status update, no response 14.07.2016 - Email sent to Netgear asking for status update, no response 26.07.2016 - Netgear confirms findings 31.08.2016 - Email sent to Netgear asking for status update 02.09.2016 - Received reply from Netgear that they will be releasing a fix for this 23.12.2016 - Netgear informs that vulnerability has been fixed in the new version
Thanks,
Mandar
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndr4500",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.40_1.0.6877"
},
{
"model": "wndr4500",
"scope": "eq",
"trust": 0.8,
"vendor": "net gear",
"version": "v1.0.1.40_1.0.6877."
},
{
"model": "wndr4500 1.0.1.40 1.0.6877",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
},
{
"db": "NVD",
"id": "CVE-2016-5638"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:wndr4500_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Jadhav",
"sources": [
{
"db": "PACKETSTORM",
"id": "140342"
}
],
"trust": 0.1
},
"cve": "CVE-2016-5638",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5638",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-13982",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-94457",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5638",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5638",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5638",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-13982",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1809",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-94457",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-5638",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "VULHUB",
"id": "VHN-94457"
},
{
"db": "VULMON",
"id": "CVE-2016-5638"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
},
{
"db": "NVD",
"id": "CVE-2016-5638"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz \u0026 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text. Netgear WNDR4500 Firmware contains an information disclosure vulnerability.Information may be obtained. The NetgearWNDR4500 is a wireless router product from NetGear. # Title: Netgear DGN2200, DGND3700 and WNDR4500 Multiple Information Disclosure Vulnerabilities\n# Author: Mandar jadhav\n# Vendor Homepage: https://www.netgear.com/\n# CVE\u0027s : CVE-2016-5649, CVE-2016-5638\n\n1. When processed, it\nexposes adminas password in clear text before it gets redirected to\nabsw_vfysucc.cgia. An attacker can use this password to gain administrator\naccess of the targeted routeras web interface. \n\n## History\n\n23.06.2016 - Initial contact to Netgear\n24.06.2016 - Reported all details to Netgear\n01.07.2016 - Email sent to Netgear asking for status update, no response\n14.07.2016 - Email sent to Netgear asking for status update, no response\n26.07.2016 - Netgear confirms findings\n31.08.2016 - Email sent to Netgear asking for status update\n02.09.2016 - Received reply from Netgear that they will be releasing a fix\nfor this\n23.12.2016 - Netgear informs that vulnerability has been fixed in the new\nversion\n\n\nThanks,\n\nMandar\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5638"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "VULHUB",
"id": "VHN-94457"
},
{
"db": "VULMON",
"id": "CVE-2016-5638"
},
{
"db": "PACKETSTORM",
"id": "140342"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5638",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "140342",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-13982",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-94457",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5638",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "VULHUB",
"id": "VHN-94457"
},
{
"db": "VULMON",
"id": "CVE-2016-5638"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "PACKETSTORM",
"id": "140342"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
},
{
"db": "NVD",
"id": "CVE-2016-5638"
}
]
},
"id": "VAR-201807-0039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "VULHUB",
"id": "VHN-94457"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
}
]
},
"last_update_date": "2024-11-23T22:26:17.905000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.netgear.com/"
},
{
"title": "Patch for NetgearWNDR4500 Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/135397"
},
{
"title": "Netgear WNDR4500 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82593"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-319",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94457"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "NVD",
"id": "CVE-2016-5638"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://packetstormsecurity.com/files/140342/netgear-dgn2200-dgnd3700-wndr4500-information-disclosure.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5638"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5638"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5649"
},
{
"trust": 0.1,
"url": "https://www.netgear.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "VULHUB",
"id": "VHN-94457"
},
{
"db": "VULMON",
"id": "CVE-2016-5638"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "PACKETSTORM",
"id": "140342"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
},
{
"db": "NVD",
"id": "CVE-2016-5638"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "VULHUB",
"id": "VHN-94457"
},
{
"db": "VULMON",
"id": "CVE-2016-5638"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "PACKETSTORM",
"id": "140342"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
},
{
"db": "NVD",
"id": "CVE-2016-5638"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"date": "2018-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-94457"
},
{
"date": "2018-07-24T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5638"
},
{
"date": "2018-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"date": "2017-01-03T10:11:11",
"db": "PACKETSTORM",
"id": "140342"
},
{
"date": "2018-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1809"
},
{
"date": "2018-07-24T15:29:00.233000",
"db": "NVD",
"id": "CVE-2016-5638"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-94457"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5638"
},
{
"date": "2018-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1809"
},
{
"date": "2024-11-21T02:54:44.823000",
"db": "NVD",
"id": "CVE-2016-5638"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear WNDR4500 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.