NETGEAR WNR1000 'Image' Request Authentication Bypass Vulnerability Network Vulnerability

Summary

This host is running with NETGEAR WNR1000 and prone to authentication bypass vulnerability.

Impact

Successful exploitation will allow attackers to gain administrative access, circumventing existing authentication mechanisms. Impact Level: Application

Solution

Upgrade to NETGEAR with firmware version 1.0.2.60 or later, For updates refer to http://www.netgear.com

Insight

The web server skipping authentication for certain requests that contain a '.jpg' substring. With a specially crafted URL, a remote attacker can bypass authentication and gain access to the device configuration.

Affected

NETGEAR WNR1000v3, firmware version prior to 1.0.2.60

References

http://packetstormsecurity.com/files/121025
http://seclists.org/bugtraq/2013/Apr/5
http://www.exploit-db.com/exploits/24916
http://www.osvdb.org/91871

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Cabletron Web View Administrative Access
Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows)
Sun VirtualBox 'VBoxNetAdpCtl' Privilege Escalation Vulnerability
South River Technologies WebDrive Local Privilege Escalation Vulnerability
VMware Product(s) Local Privilege Escalation Vulnerability

Take action and discover your vulnerabilities