CVE-2021-35973
Summary
| CVE | CVE-2021-35973 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-30 15:15:00 UTC |
| Updated | 2022-07-12 17:42:00 UTC |
| Description | NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory). |
Risk And Classification
Problem Types: CWE-697
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Netgear | Wac104 | - | All | All | All |
| Operating System | Netgear | Wac104 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Gears of Chaos vulnerability chain (NETGEAR WAC104 access point) - gynvael.coldwind//vx.log | MISC | gynvael.coldwind.pl | |
| Security Advisory for Authentication Bypass on WAC104, PSV-2021-0075 | Answer | NETGEAR Support | MISC | kb.netgear.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.