NETGEAR WNR1000 'Image' Request Authentication Bypass Vulnerability Network Vulnerability

Summary

This host is running with NETGEAR WNR1000 and prone to authentication bypass vulnerability.

Impact

Successful exploitation will allow attackers to gain administrative access, circumventing existing authentication mechanisms. Impact Level: Application

Solution

Upgrade to NETGEAR with firmware version 1.0.2.60 or later, For updates refer to http://www.netgear.com

Insight

The web server skipping authentication for certain requests that contain a '.jpg' substring. With a specially crafted URL, a remote attacker can bypass authentication and gain access to the device configuration.

Affected

NETGEAR WNR1000v3, firmware version prior to 1.0.2.60

References

http://packetstormsecurity.com/files/121025
http://seclists.org/bugtraq/2013/Apr/5
http://www.exploit-db.com/exploits/24916
http://www.osvdb.org/91871

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Changetrack Local Privilege Escalation Vulnerability
Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows)
Cabletron Web View Administrative Access
Mozilla Products Privilege Escalation Vulnerabily (Windows)
SMC2804WBR Default Password