var-201911-1483
Vulnerability from variot
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http:///apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. NETGEAR Centria WNDR4700 There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The NetgearWNDR4700 is a wireless router device. The NetgearWNDR4700 has an unidentified vulnerability that allows unauthenticated attackers to exploit the vulnerability to connect any hardware to the device. No detailed vulnerability details are currently available. Netgear WNDR4700 routers are prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. NetGear WNDR4700 routers running firmware 1.0.0.34 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1483",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndr4700",
"scope": "eq",
"trust": 1.9,
"vendor": "netgear",
"version": "1.0.0.34"
},
{
"model": "wndr4700",
"scope": "eq",
"trust": 0.8,
"vendor": "net gear",
"version": "1.0.0.34"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"db": "BID",
"id": "59304"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:wndr4700_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb",
"sources": [
{
"db": "BID",
"id": "59304"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-497"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3072",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3072",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CNVD-2013-04046",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2013-3072",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-3072",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3072",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2013-3072",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2013-04046",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-497",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-497"
},
{
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://\u003crouter_ip\u003e/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. NETGEAR Centria WNDR4700 There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The NetgearWNDR4700 is a wireless router device. The NetgearWNDR4700 has an unidentified vulnerability that allows unauthenticated attackers to exploit the vulnerability to connect any hardware to the device. No detailed vulnerability details are currently available. Netgear WNDR4700 routers are prone to a remote authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. \nNetGear WNDR4700 routers running firmware 1.0.0.34 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3072"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"db": "BID",
"id": "59304"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3072",
"trust": 3.3
},
{
"db": "BID",
"id": "59304",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006941",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-04046",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201304-497",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"db": "BID",
"id": "59304"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-497"
},
{
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"id": "VAR-201911-1483",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04046"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04046"
}
]
},
"last_update_date": "2024-08-14T15:02:04.318000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WNDR4700 Firmware Version 1.0.0.52",
"trust": 0.8,
"url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/23728/wndr4700-firmware-version-1-0-0-52"
},
{
"trust": 1.6,
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"trust": 1.6,
"url": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3072"
},
{
"trust": 0.9,
"url": "http://securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3072"
},
{
"trust": 0.6,
"url": "http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/"
},
{
"trust": 0.6,
"url": "http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/wndr4700#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"db": "BID",
"id": "59304"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-497"
},
{
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"db": "BID",
"id": "59304"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-497"
},
{
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59304"
},
{
"date": "2019-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"date": "2013-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-497"
},
{
"date": "2019-11-14T19:15:11.613000",
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04046"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59304"
},
{
"date": "2019-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006941"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-497"
},
{
"date": "2019-11-20T18:10:14.950000",
"db": "NVD",
"id": "CVE-2013-3072"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-497"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR Centria WNDR4700 Firmware authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006941"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-497"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.