Russian Vulnerability Scanner Database

Back to List

BDU:2017-00203

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

4.3medium2.0
0246810

CVSS Score: 4.3/10

All CVSS Scores

CVSS 2.0
4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Description

Уязвимость встроенного программного обеспечения маршрутизаторов NETGEAR R8500, NETGEAR R8300, NETGEAR R7000, NETGEAR R6400, NETGEAR R7300DST, NETGEAR R7100LG, NETGEAR R6300v2, NETGEAR WNDR3400v3, NETGEAR WNDR3500Lv2, NETGEAR R6250, NETGEAR R6700, NETGEAR R6900, NETGEAR R8000, NETGEAR R7900, NETGEAR WNDR4500v2, NETGEAR R6200v2, NETGEAR WNDR3400v2, NETGEAR D6220, NETGEAR D6400, NETGEAR C6300, NETGEAR R6200, NETGEAR R6300, NETGEAR VENG2610, NETGEAR AC1450, NETGEAR WNDR1000v3, NETGEAR WNDR3700v3, NETGEAR WNDR4000, NETGEAR WNDR4500, NETGEAR D6300, NETGEAR D6300B, NETGEAR DGN2200Bv4, NETGEAR DGN2200v4 связана с некорректной проверкой токена в запросе на восстановление пароля при первом обращении после перезагрузки устройства. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить пароль пользователя путем отправки запроса с токеном восстановления пароля к модулю passwordrecovered.cgi при условии отключенной в настройках устройства функции восстановления пароля, в результате чего в ответной форме будет показан пароль пользователя

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2017-5521

Exploits

Exploit ID: BDU:2017-00203

Source: bdu_exploit

URL: https://bdu.fstec.ru/vul

Exploit ID: 41205

Source: exploitdb

URL: https://www.exploit-db.com/exploits/41205

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5521
http://www.securityfocus.com/bid/95457
http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability
http://www.securityfocus.com/bid/95457
https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

Recommendations

Source: bdu

Использование рекомендаций производителя:
http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability

URL: https://bdu.fstec.ru/vul/2017-00203

Vulnerable Software (32)

Type: Configuration

Vendor: netgear

Product: ac1450

Operating System: * *

Trait: 
{  "version_end_including": "1.0.0.34_10.0.16"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: c6300

Operating System: * *

Trait: 
{  "version_end_excluding": "2.01.18"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: d6220

Operating System: * *

Trait: 
{  "version_end_excluding": "1.0.0.22"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: d6300

Operating System: * *

Trait: 
{  "version_end_including": "1.0.0.96"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: d6300b

Operating System: * *

Trait: 
{  "version_end_including": "1.0.0.40"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: d6400

Operating System: * *

Trait: 
{  "version_end_excluding": "1.0.0.56"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: dgn2200bv4

Operating System: * *

Trait: 
{  "version_end_including": "1.0.0.68"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: dgn2200v4

Operating System: * *

Trait: 
{  "version_end_including": "1.0.0.76"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: r6200

Operating System: * *

Trait: 
{  "version_end_including": "1.0.1.56_1.0.43"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: r6200v2

Operating System: * *

Trait: 
{  "version_end_excluding": "1.0.3.12"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: r6250

Operating System: * *

Trait: 
{  "version_end_excluding": "1.0.4.8"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: r6300

Operating System: * *

Trait: 
{  "version_end_including": "1.0.2.78_1.0.58"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: r6300v2

Operating System: * *

Trait: 
{  "version_end_excluding": "1.0.4.6"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: r6400

Operating System: * *

Trait: 
{  "version_end_excluding": "1.0.1.18"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: r6700

Operating System: * *

Trait: 
{  "version_end_excluding": "1.0.1.16"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: r6900

Operating System: * *

Trait: 
{  "version_end_excluding": "1.0.1.16"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: r7000

Operating System: * *

Trait: 
{  "version_end_excluding": "1.0.7.6"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: r7100lg

Operating System: * *

Trait: 
{  "version_end_excluding": "1.0.0.28"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: r7300dst

Operating System: * *

Trait: 
{  "version_end_excluding": "1.0.0.46"}

Source: bdu

Type: Configuration

Vendor: netgear

Product: r7900

Operating System: * *

Trait: 
{  "version_end_excluding": "1.0.1.12"}

Source: bdu