NETGEAR WNR1000 'Image' Request Authentication Bypass Vulnerability Network Vulnerability

Summary

This host is running with NETGEAR WNR1000 and prone to authentication bypass vulnerability.

Impact

Successful exploitation will allow attackers to gain administrative access, circumventing existing authentication mechanisms. Impact Level: Application

Solution

Upgrade to NETGEAR with firmware version 1.0.2.60 or later, For updates refer to http://www.netgear.com

Insight

The web server skipping authentication for certain requests that contain a '.jpg' substring. With a specially crafted URL, a remote attacker can bypass authentication and gain access to the device configuration.

Affected

NETGEAR WNR1000v3, firmware version prior to 1.0.2.60

References

http://packetstormsecurity.com/files/121025
http://seclists.org/bugtraq/2013/Apr/5
http://www.exploit-db.com/exploits/24916
http://www.osvdb.org/91871

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 (Win)
Privilege Escalation Vulnerability in SLURM
ZyXEL ZyWALL Web Configurator Authentication Bypass Vulnerability
SMC2804WBR Default Password
Changetrack Local Privilege Escalation Vulnerability