Summary
This host is running with NETGEAR WNR1000 and prone to authentication bypass vulnerability.
Impact
Successful exploitation will allow attackers to gain administrative access, circumventing existing authentication mechanisms.
Impact Level: Application
Solution
Upgrade to NETGEAR with firmware version 1.0.2.60 or later, For updates refer to http://www.netgear.com
Insight
The web server skipping authentication for certain requests that contain a '.jpg' substring. With a specially crafted URL, a remote attacker can bypass authentication and gain access to the device configuration.
Affected
NETGEAR WNR1000v3, firmware version prior to 1.0.2.60
References
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- South River Technologies WebDrive Local Privilege Escalation Vulnerability
- Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows)
- Panda Products Privilege Escalation Vulnerability
- ZyXEL ZyWALL Web Configurator Authentication Bypass Vulnerability
- Trend Micro Web Management Authentication Bypass Vulnerability