NetGear WNR1000 Router Remote Authentication Bypass Vulnerability
BID:58792
Info
NetGear WNR1000 Router Remote Authentication Bypass Vulnerability
| Bugtraq ID: | 58792 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2013 12:00AM |
| Updated: | Mar 29 2013 12:00AM |
| Credit: | Roberto Paleari |
| Vulnerable: |
NetGear WNR1000 1.0.1 5 |
| Not Vulnerable: |
NetGear WNR1000 1.0.2 60 |
Discussion
NetGear WNR1000 Router Remote Authentication Bypass Vulnerability
NetGear WNR1000 router is prone to a remote authentication-bypass vulnerability.
Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access.
NetGear WNR1000 running firmware prior to version 1.0.2.60 are vulnerable.
NetGear WNR1000 router is prone to a remote authentication-bypass vulnerability.
Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access.
NetGear WNR1000 running firmware prior to version 1.0.2.60 are vulnerable.
Exploit / POC
NetGear WNR1000 Router Remote Authentication Bypass Vulnerability
Attackers can use a browser to exploit this issue.
The following example URI and exploit code are available:
http://www.example.com/NETGEAR_fwpt.cfg?.jpg
Attackers can use a browser to exploit this issue.
The following example URI and exploit code are available:
http://www.example.com/NETGEAR_fwpt.cfg?.jpg
Solution / Fix
NetGear WNR1000 Router Remote Authentication Bypass Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
NetGear WNR1000 Router Remote Authentication Bypass Vulnerability
References:
References:
- Authentication bypass on Netgear WNR1000 (SecurityFocus)
- WNR1000 Homepage (NetGear)