An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.
References
Link | Resource |
---|---|
https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52 | Vendor Advisory |
https://www.ise.io/casestudies/exploiting-soho-routers/ | Third Party Advisory |
https://www.ise.io/research/studies-and-papers/netgear_wndr4700/ | Exploit Third Party Advisory |
https://www.ise.io/soho_service_hacks/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2019-11-14 11:15
Updated : 2019-11-20 10:10
NVD link : CVE-2013-3072
Mitre link : CVE-2013-3072
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
netgear
- wndr4700
- wndr4700_firmware