cnvd - cnvd-2022-06703

CNVD-2022-06703

Vulnerability from cnvd - Published: 2022-01-25

Title

NETGEAR R7450访问控制错误漏洞

Description

NETGEAR R7450是美国网件（Netgear）公司的一款路由器。连接两个或多个网络的硬件设备，在网络间起网关的作用。 Netgear R7450 1.2.0.62_1.0.1 routers存在访问控制错误漏洞，该漏洞缺乏适当的访问控制，攻击者可利用该漏洞披露受安装影响的敏感信息。

Severity

低

Patch Name

NETGEAR R7450访问控制错误漏洞的补丁

Patch Description

NETGEAR R7450是美国网件（Netgear）公司的一款路由器。连接两个或多个网络的硬件设备，在网络间起网关的作用。 Netgear R7450 1.2.0.62_1.0.1 routers存在访问控制错误漏洞，该漏洞缺乏适当的访问控制，攻击者可利用该漏洞披露受安装影响的敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-27873

Impacted products

Name
NETGEAR R7450 1.2.0.62_1.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-27873",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-27873"
    }
  },
  "description": "NETGEAR R7450\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08Netgear\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8def\u7531\u5668\u3002\u8fde\u63a5\u4e24\u4e2a\u6216\u591a\u4e2a\u7f51\u7edc\u7684\u786c\u4ef6\u8bbe\u5907\uff0c\u5728\u7f51\u7edc\u95f4\u8d77\u7f51\u5173\u7684\u4f5c\u7528\u3002\n\nNetgear R7450 1.2.0.62_1.0.1 routers\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u7f3a\u4e4f\u9002\u5f53\u7684\u8bbf\u95ee\u63a7\u5236\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u62ab\u9732\u53d7\u5b89\u88c5\u5f71\u54cd\u7684\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-06703",
  "openTime": "2022-01-25",
  "patchDescription": "NETGEAR R7450\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08Netgear\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8def\u7531\u5668\u3002\u8fde\u63a5\u4e24\u4e2a\u6216\u591a\u4e2a\u7f51\u7edc\u7684\u786c\u4ef6\u8bbe\u5907\uff0c\u5728\u7f51\u7edc\u95f4\u8d77\u7f51\u5173\u7684\u4f5c\u7528\u3002\r\n\r\nNetgear R7450 1.2.0.62_1.0.1 routers\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u7f3a\u4e4f\u9002\u5f53\u7684\u8bbf\u95ee\u63a7\u5236\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u62ab\u9732\u53d7\u5b89\u88c5\u5f71\u54cd\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NETGEAR R7450\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NETGEAR R7450 1.2.0.62_1.0.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-27873",
  "serverity": "\u4f4e",
  "submitTime": "2021-02-06",
  "title": "NETGEAR R7450\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2020-27873 (GCVE-0-2020-27873)

Vulnerability from cvelistv5 – Published: 2021-02-04 16:45 – Updated: 2024-08-04 16:25

Summary

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-284 - Improper Access Control

Assigner

zdi

References

URL

Tags

	https://kb.netgear.com/000062641/Security-Advisor…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	NETGEAR	R7450	Affected: 1.2.0.62_1.0.1

Credits

1sd3d of Viettel Cyber Security

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:25:43.706Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-072/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "R7450",
          "vendor": "NETGEAR",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.0.62_1.0.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "1sd3d of Viettel Cyber Security"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T16:45:18",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-072/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2020-27873",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "R7450",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.2.0.62_1.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NETGEAR"
              }
            ]
          }
        },
        "credit": "1sd3d of Viettel Cyber Security",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559."
            }
          ]
        },
        "impact": {
          "cvss": {
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284: Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers",
              "refsource": "MISC",
              "url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-072/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-072/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2020-27873",
    "datePublished": "2021-02-04T16:45:18",
    "dateReserved": "2020-10-27T00:00:00",
    "dateUpdated": "2024-08-04T16:25:43.706Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-06703

CVE-2020-27873 (GCVE-0-2020-27873)

Tags

Sightings

Nomenclature