Vulnerability-Lookup

CVE-2007-4361 (GCVE-0-2007-4361)

Vulnerability from cvelistv5 – Published: 2007-08-15 19:00 – Updated: 2024-08-07 14:53

Summary

NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

9 references

URL	Tags
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/476266/100…	mailing-listx_refsource_BUGTRAQ
http://www.infrant.com/forum/viewtopic.php?t=12249	x_refsource_CONFIRM
http://secunia.com/advisories/26442	third-party-advisoryx_refsource_SECUNIA
http://www.infrant.com/forum/viewtopic.php?t=12313	x_refsource_CONFIRM
http://securityreason.com/securityalert/3017	third-party-advisoryx_refsource_SREASON
http://www.osvdb.org/36357	vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/25290	vdb-entryx_refsource_BID
http://www.infrant.com/forum/viewtopic.php?t=3366…	x_refsource_CONFIRM

Date Public

2007-08-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:53:55.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "readynas-ssh-security-bypass(36011)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36011"
          },
          {
            "name": "20070813 Default Root Password in Infrant (now Netgear) ReadyNAS \"RAIDiator\"",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/476266/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.infrant.com/forum/viewtopic.php?t=12249"
          },
          {
            "name": "26442",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26442"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.infrant.com/forum/viewtopic.php?t=12313"
          },
          {
            "name": "3017",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3017"
          },
          {
            "name": "36357",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/36357"
          },
          {
            "name": "25290",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25290"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "readynas-ssh-security-bypass(36011)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36011"
        },
        {
          "name": "20070813 Default Root Password in Infrant (now Netgear) ReadyNAS \"RAIDiator\"",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/476266/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.infrant.com/forum/viewtopic.php?t=12249"
        },
        {
          "name": "26442",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26442"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.infrant.com/forum/viewtopic.php?t=12313"
        },
        {
          "name": "3017",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3017"
        },
        {
          "name": "36357",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/36357"
        },
        {
          "name": "25290",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25290"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4361",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "readynas-ssh-security-bypass(36011)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36011"
            },
            {
              "name": "20070813 Default Root Password in Infrant (now Netgear) ReadyNAS \"RAIDiator\"",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/476266/100/0/threaded"
            },
            {
              "name": "http://www.infrant.com/forum/viewtopic.php?t=12249",
              "refsource": "CONFIRM",
              "url": "http://www.infrant.com/forum/viewtopic.php?t=12249"
            },
            {
              "name": "26442",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26442"
            },
            {
              "name": "http://www.infrant.com/forum/viewtopic.php?t=12313",
              "refsource": "CONFIRM",
              "url": "http://www.infrant.com/forum/viewtopic.php?t=12313"
            },
            {
              "name": "3017",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3017"
            },
            {
              "name": "36357",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/36357"
            },
            {
              "name": "25290",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25290"
            },
            {
              "name": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30",
              "refsource": "CONFIRM",
              "url": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4361",
    "datePublished": "2007-08-15T19:00:00.000Z",
    "dateReserved": "2007-08-15T00:00:00.000Z",
    "dateUpdated": "2024-08-07T14:53:55.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2007-4361",
      "date": "2026-06-24",
      "epss": "0.03004",
      "percentile": "0.85652"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:netgear:readynas_raidiator:3.01c1-p1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B6C9191-CF3A-4458-A1AE-C0295EE02850\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:netgear:readynas_raidiator:3.01c1-p6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DDF12E6-1646-4D46-AFCE-841FAD60720B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.\"}, {\"lang\": \"es\", \"value\": \"NETGEAR (anteriormente Infrant) ReadyNAS RAIDiator anterior a 4.00b2-p2-T1 beta crea una contrase\\u00f1a SSH de root por defecto derivada del n\\u00famero de serie del aparato, lo cual facilita a atacantes remotos adivinar la contrase\\u00f1a y obtener acceso.\"}]",
      "id": "CVE-2007-4361",
      "lastModified": "2024-11-21T00:35:24.450",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-08-15T19:17:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/26442\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3017\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.infrant.com/forum/viewtopic.php?t=12249\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.infrant.com/forum/viewtopic.php?t=12313\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/36357\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/476266/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/25290\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/36011\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/26442\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.infrant.com/forum/viewtopic.php?t=12249\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.infrant.com/forum/viewtopic.php?t=12313\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/36357\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/476266/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/25290\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/36011\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4361\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-08-15T19:17:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.\"},{\"lang\":\"es\",\"value\":\"NETGEAR (anteriormente Infrant) ReadyNAS RAIDiator anterior a 4.00b2-p2-T1 beta crea una contrase\u00f1a SSH de root por defecto derivada del n\u00famero de serie del aparato, lo cual facilita a atacantes remotos adivinar la contrase\u00f1a y obtener acceso.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:netgear:readynas_raidiator:3.01c1-p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B6C9191-CF3A-4458-A1AE-C0295EE02850\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:netgear:readynas_raidiator:3.01c1-p6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DDF12E6-1646-4D46-AFCE-841FAD60720B\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/26442\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3017\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.infrant.com/forum/viewtopic.php?t=12249\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.infrant.com/forum/viewtopic.php?t=12313\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/36357\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/476266/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/25290\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36011\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26442\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.infrant.com/forum/viewtopic.php?t=12249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.infrant.com/forum/viewtopic.php?t=12313\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/36357\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/476266/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/25290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36011\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2007-4361

Vulnerability from fkie_nvd - Published: 2007-08-15 19:17 - Updated: 2026-06-16 22:43

Severity

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/26442	Patch, Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3017
cve@mitre.org	http://www.infrant.com/forum/viewtopic.php?t=12249
cve@mitre.org	http://www.infrant.com/forum/viewtopic.php?t=12313
cve@mitre.org	http://www.infrant.com/forum/viewtopic.php?t=3366&start=30
cve@mitre.org	http://www.osvdb.org/36357
cve@mitre.org	http://www.securityfocus.com/archive/1/476266/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/25290	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/36011
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26442	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3017
af854a3a-2127-422b-91ae-364da2661108	http://www.infrant.com/forum/viewtopic.php?t=12249
af854a3a-2127-422b-91ae-364da2661108	http://www.infrant.com/forum/viewtopic.php?t=12313
af854a3a-2127-422b-91ae-364da2661108	http://www.infrant.com/forum/viewtopic.php?t=3366&start=30
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/36357
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/476266/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25290	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/36011

Impacted products

	Vendor	Product	Version
	netgear	readynas_raidiator	3.01c1-p1
	netgear	readynas_raidiator	3.01c1-p6

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:readynas_raidiator:3.01c1-p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B6C9191-CF3A-4458-A1AE-C0295EE02850",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netgear:readynas_raidiator:3.01c1-p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDF12E6-1646-4D46-AFCE-841FAD60720B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access."
    },
    {
      "lang": "es",
      "value": "NETGEAR (anteriormente Infrant) ReadyNAS RAIDiator anterior a 4.00b2-p2-T1 beta crea una contrase\u00f1a SSH de root por defecto derivada del n\u00famero de serie del aparato, lo cual facilita a atacantes remotos adivinar la contrase\u00f1a y obtener acceso."
    }
  ],
  "id": "CVE-2007-4361",
  "lastModified": "2026-06-16T22:43:56.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-15T19:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26442"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3017"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.infrant.com/forum/viewtopic.php?t=12249"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.infrant.com/forum/viewtopic.php?t=12313"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/36357"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/476266/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/25290"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.infrant.com/forum/viewtopic.php?t=12249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.infrant.com/forum/viewtopic.php?t=12313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/36357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/476266/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/25290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36011"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-C664-XXMV-X72R

Vulnerability from github – Published: 2022-05-01 18:22 – Updated: 2022-05-01 18:22

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4361"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-08-15T19:17:00Z",
    "severity": "HIGH"
  },
  "details": "NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.",
  "id": "GHSA-c664-xxmv-x72r",
  "modified": "2022-05-01T18:22:48Z",
  "published": "2022-05-01T18:22:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4361"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36011"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26442"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3017"
    },
    {
      "type": "WEB",
      "url": "http://www.infrant.com/forum/viewtopic.php?t=12249"
    },
    {
      "type": "WEB",
      "url": "http://www.infrant.com/forum/viewtopic.php?t=12313"
    },
    {
      "type": "WEB",
      "url": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/36357"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/476266/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25290"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-4361

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-4361

Aliases

CVE-2007-4361

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4361",
    "description": "NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.",
    "id": "GSD-2007-4361"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4361"
      ],
      "details": "NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.",
      "id": "GSD-2007-4361",
      "modified": "2023-12-13T01:21:36.325341Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-4361",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "readynas-ssh-security-bypass(36011)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36011"
          },
          {
            "name": "20070813 Default Root Password in Infrant (now Netgear) ReadyNAS \"RAIDiator\"",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/476266/100/0/threaded"
          },
          {
            "name": "http://www.infrant.com/forum/viewtopic.php?t=12249",
            "refsource": "CONFIRM",
            "url": "http://www.infrant.com/forum/viewtopic.php?t=12249"
          },
          {
            "name": "26442",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26442"
          },
          {
            "name": "http://www.infrant.com/forum/viewtopic.php?t=12313",
            "refsource": "CONFIRM",
            "url": "http://www.infrant.com/forum/viewtopic.php?t=12313"
          },
          {
            "name": "3017",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3017"
          },
          {
            "name": "36357",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/36357"
          },
          {
            "name": "25290",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25290"
          },
          {
            "name": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30",
            "refsource": "CONFIRM",
            "url": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:netgear:readynas_raidiator:3.01c1-p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:netgear:readynas_raidiator:3.01c1-p6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4361"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.infrant.com/forum/viewtopic.php?t=12249",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.infrant.com/forum/viewtopic.php?t=12249"
            },
            {
              "name": "http://www.infrant.com/forum/viewtopic.php?t=12313",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.infrant.com/forum/viewtopic.php?t=12313"
            },
            {
              "name": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30"
            },
            {
              "name": "25290",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/25290"
            },
            {
              "name": "26442",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26442"
            },
            {
              "name": "36357",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/36357"
            },
            {
              "name": "3017",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3017"
            },
            {
              "name": "readynas-ssh-security-bypass(36011)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36011"
            },
            {
              "name": "20070813 Default Root Password in Infrant (now Netgear) ReadyNAS \"RAIDiator\"",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/476266/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:34Z",
      "publishedDate": "2007-08-15T19:17Z"
    }
  }
}

VAR-200708-0254

Vulnerability from variot - Updated: 2023-12-18 13:58

ReadyNAS has two users enabled by default, one is admin (the default password is infrant1) and the other is root. Each time it starts, it uses a hard-coded algorithm to generate the root password, which uses the Ethernet MAC address and software version number. And a hash of the shared secret. The root password cannot be changed permanently, so it is reset every time it is started.

The ReadyNAS device boots from the built-in flash memory, and the Linux kernel and the initrd image are in this flash memory. At startup, the initrd image will look for the installed hard disk and initialize it. If an uninitialized hard disk is found, it will be added to the RAID array. A part of the hard disk will be used as the root file system. A tarball stored in the flash will initialize it.

After loading the rootfs, some consistency checks are performed, and some important configuration files are encrypted and backed up. These files cannot be changed without decryption.

At startup, the / linuxrc file in the initrd image is first executed as follows:

--------------

SEED1 = `/ sysroot / sbin / ifconfig eth0 | grep HWaddr | sed -e 's /.* HWaddr //'

--e 's / // g'`

SEED2 = cut -f2 -d = / sysroot / etc / raidiator_version | cut -f1 -d,

[ EDIT : removed SEED3 as friendly requested by vendor]

echo "root:echo \ "$ SEED1 $ SEED2 $ SEED3 \" | md5sum | cut -f1 -d ''" |

chpasswd

# TAKE ME OUT !!

[-s /sysroot/.os_passwd] && echo "root:` / sysroot / usr / bin / head -1

/ sysroot / .os_passwd` "| chpasswd

#################

/ sysroot / bin / mv / etc / passwd / sysroot / etc / passwd 2> $ ERR

rm -rf / sysroot / etc / hosts_equiv /sysroot/root/.rhosts

/sysroot/root/.ssh/* 2> $ ERR

--------------

The password is initialized by md5 and the following components:

a.) MAC address obtained from ifconfig

b.) Software version number read from / etc / raidiator_version

c.) Shared keychain in SEED3

Even though the root password varies from device to device (the MAC address is also part of the hash), it is still not secret. First, if the NAS device is in the local LAN, you can query the MAC address through ARP request. Second, the default host name is nas-xx-yy-zz (which can be displayed on the https-based interface), and xx, yy, zz It is the last 3 octal digits of the MAC address; finally, the version of the software can be determined by brute force guessing. Successfully exploiting this issue allows remote attackers to gain superuser-level access to affected devices. This issue affects devices with firmware versions 3.01c1-p1 and 3.01c1-p6 installed; other versions may also be affected.

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.

Download the free PSI BETA from the Secunia website: https://psi.secunia.com/

TITLE: Infrant ReadyNAS Devices SSH Default Root Password Weakness

SECUNIA ADVISORY ID: SA26442

VERIFY ADVISORY: http://secunia.com/advisories/26442/

CRITICAL: Not critical

IMPACT: Security Bypass

WHERE:

From remote

OPERATING SYSTEM: Infrant ReadyNAS Devices 3.x http://secunia.com/product/15287/

DESCRIPTION: Brian Chapados and Felix Domke have reported a weakness in Infrant ReadyNAS devices, which can be exploited by malicious people to bypass certain security restrictions.

The problem is that the device includes an SSH daemon that cannot be disabled and that the password for the SSH root account on the device is generated using certain device-specific values (e.g. MAC address, serial number, version number) and cannot be changed permanently.

The weakness is reported in ReadyNAS devices with RAIDiator 3.01c1-p1, 3.01c1-p6.

SOLUTION: The vendor has provided the ToggleSSH add-on to disable/enable SSH on the device and has released RAIDiator 4.00b2-p2-T1 beta version, which has SSH disabled by default.

http://www.infrant.com/download/addons/ToggleSSH_1.0.bin http://www.infrant.com/beta/raidiator/4.0/RAIDiator-4.00b2-p2-T1

PROVIDED AND/OR DISCOVERED BY: Brian Chapados and Felix Domke

ORIGINAL ADVISORY: Infrant Technologies: http://www.infrant.com/forum/viewtopic.php?t=12313 http://www.infrant.com/forum/viewtopic.php?t=12249

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200708-0254",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "readynas raidiator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netgear",
        "version": "3.01c1-p6"
      },
      {
        "model": "readynas raidiator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netgear",
        "version": "3.01c1-p1"
      },
      {
        "model": "readynas raidiator",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "net gear",
        "version": "4.00b2-p2-t1 beta"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.6,
        "vendor": "none",
        "version": null
      },
      {
        "model": "readynas raidiator 3.01c1-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "netgear",
        "version": null
      },
      {
        "model": "readynas raidiator 3.01c1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "netgear",
        "version": null
      },
      {
        "model": "readynas raidiator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netgear",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-4989"
      },
      {
        "db": "BID",
        "id": "25290"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:netgear:readynas_raidiator:3.01c1-p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:netgear:readynas_raidiator:3.01c1-p6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brian Chapados                                                          brian@chapados.org                                                         Felix Domke                                                          tmbinc@elitedvb.net",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-4361",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-4361",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-27723",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-4361",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200708-247",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-27723",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access. ReadyNAS is a direct-attached storage device based on Linux and debian-sparc platforms. \n\n\u00a0ReadyNAS has two users enabled by default, one is admin (the default password is infrant1) and the other is root. Each time it starts, it uses a hard-coded algorithm to generate the root password, which uses the Ethernet MAC address and software version number. And a hash of the shared secret. The root password cannot be changed permanently, so it is reset every time it is started. \n\n\u00a0The ReadyNAS device boots from the built-in flash memory, and the Linux kernel and the initrd image are in this flash memory. At startup, the initrd image will look for the installed hard disk and initialize it. If an uninitialized hard disk is found, it will be added to the RAID array. A part of the hard disk will be used as the root file system. A tarball stored in the flash will initialize it. \n\n\u00a0After loading the rootfs, some consistency checks are performed, and some important configuration files are encrypted and backed up. These files cannot be changed without decryption. \n\n\u00a0At startup, the / linuxrc file in the initrd image is first executed as follows:\n\n\u00a0--------------\n\n\u00a0SEED1 = `/ sysroot / sbin / ifconfig eth0 | grep HWaddr | sed -e \u0027s /.* HWaddr //\u0027\n\n\u00a0--e \u0027s / // g\u0027`\n\n\u00a0SEED2 = `cut -f2 -d = / sysroot / etc / raidiator_version | cut -f1 -d,`\n\n\u00a0[* EDIT *: removed SEED3 as friendly requested by vendor]\n\n\u00a0echo \"root:` echo \\ \"$ SEED1 $ SEED2 $ SEED3 \\\" | md5sum | cut -f1 -d \u0027\u0027 `\" |\n\n\u00a0chpasswd\n\n\u00a0# TAKE ME OUT !!\n\n\u00a0[-s /sysroot/.os_passwd] \u0026\u0026 echo \"root:` / sysroot / usr / bin / head -1\n\n\u00a0/ sysroot / .os_passwd` \"| chpasswd\n\n\u00a0#################\n\n\u00a0/ sysroot / bin / mv / etc / passwd / sysroot / etc / passwd 2\u003e $ ERR\n\n\u00a0rm -rf / sysroot / etc / hosts_equiv /sysroot/root/.rhosts\n\n\u00a0/sysroot/root/.ssh/* 2\u003e $ ERR\n\n\u00a0--------------\n\n\u00a0The password is initialized by md5 and the following components:\n\n\u00a0a.) MAC address obtained from ifconfig\n\n\u00a0b.) Software version number read from / etc / raidiator_version\n\n\u00a0c.) Shared keychain in SEED3\n\n\u00a0Even though the root password varies from device to device (the MAC address is also part of the hash), it is still not secret. First, if the NAS device is in the local LAN, you can query the MAC address through ARP request. Second, the default host name is nas-xx-yy-zz (which can be displayed on the https-based interface), and xx, yy, zz It is the last 3 octal digits of the MAC address; finally, the version of the software can be determined by brute force guessing. \nSuccessfully exploiting this issue allows remote attackers to gain superuser-level access to affected devices. \nThis issue affects devices with firmware versions 3.01c1-p1 and 3.01c1-p6 installed; other versions may also be affected. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nInfrant ReadyNAS Devices SSH Default Root Password Weakness\n\nSECUNIA ADVISORY ID:\nSA26442\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26442/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nInfrant ReadyNAS Devices 3.x\nhttp://secunia.com/product/15287/\n\nDESCRIPTION:\nBrian Chapados and Felix Domke have reported a weakness in Infrant\nReadyNAS devices, which can be exploited by malicious people to\nbypass certain security restrictions. \n\nThe problem is that the device includes an SSH daemon that cannot be\ndisabled and that the password for the SSH root account on the device\nis generated using certain device-specific values (e.g. MAC address,\nserial number, version number) and cannot be changed permanently. \n\nThe weakness is reported in ReadyNAS devices with RAIDiator\n3.01c1-p1, 3.01c1-p6. \n\nSOLUTION:\nThe vendor has provided the ToggleSSH add-on to disable/enable SSH on\nthe device and has released RAIDiator 4.00b2-p2-T1 beta version, which\nhas SSH disabled by default. \n\nhttp://www.infrant.com/download/addons/ToggleSSH_1.0.bin\nhttp://www.infrant.com/beta/raidiator/4.0/RAIDiator-4.00b2-p2-T1\n\nPROVIDED AND/OR DISCOVERED BY:\nBrian Chapados and Felix Domke\n\nORIGINAL ADVISORY:\nInfrant Technologies:\nhttp://www.infrant.com/forum/viewtopic.php?t=12313\nhttp://www.infrant.com/forum/viewtopic.php?t=12249\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2007-4989"
      },
      {
        "db": "BID",
        "id": "25290"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27723"
      },
      {
        "db": "PACKETSTORM",
        "id": "58544"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-4361",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "25290",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "26442",
        "trust": 1.8
      },
      {
        "db": "SREASON",
        "id": "3017",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "36357",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2007-4989",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20070813 DEFAULT ROOT PASSWORD IN INFRANT (NOW NETGEAR) READYNAS \"RAIDIATOR\"",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "36011",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-27723",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58544",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-4989"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27723"
      },
      {
        "db": "BID",
        "id": "25290"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "db": "PACKETSTORM",
        "id": "58544"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ]
  },
  "id": "VAR-200708-0254",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27723"
      }
    ],
    "trust": 0.7666666999999999
  },
  "last_update_date": "2023-12-18T13:58:19.473000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.netgear.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.infrant.com/forum/viewtopic.php?t=12313"
      },
      {
        "trust": 1.8,
        "url": "http://www.infrant.com/forum/viewtopic.php?t=12249"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/25290"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/36357"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26442"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/3017"
      },
      {
        "trust": 1.6,
        "url": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/476266/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36011"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4361"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4361"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/476266/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/36011"
      },
      {
        "trust": 0.3,
        "url": "http://www.infrant.com/products/products.php"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/476266"
      },
      {
        "trust": 0.1,
        "url": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026amp;start=30"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15287/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.infrant.com/download/addons/togglessh_1.0.bin"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26442/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.infrant.com/beta/raidiator/4.0/raidiator-4.00b2-p2-t1"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27723"
      },
      {
        "db": "BID",
        "id": "25290"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "db": "PACKETSTORM",
        "id": "58544"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-4989"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27723"
      },
      {
        "db": "BID",
        "id": "25290"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "db": "PACKETSTORM",
        "id": "58544"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-08-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2007-4989"
      },
      {
        "date": "2007-08-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27723"
      },
      {
        "date": "2007-08-13T00:00:00",
        "db": "BID",
        "id": "25290"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "date": "2007-08-14T17:37:33",
        "db": "PACKETSTORM",
        "id": "58544"
      },
      {
        "date": "2007-08-15T19:17:00",
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "date": "2007-08-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-08-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2007-4989"
      },
      {
        "date": "2018-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27723"
      },
      {
        "date": "2015-05-07T17:36:00",
        "db": "BID",
        "id": "25290"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "date": "2018-10-15T21:34:51.137000",
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "date": "2007-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NETGEAR ReadyNAS RAIDiator default root user password vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-4989"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "25290"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ],
    "trust": 0.9
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-4361 (GCVE-0-2007-4361)

FKIE_CVE-2007-4361

GHSA-C664-XXMV-X72R

GSD-2007-4361

VAR-200708-0254

Tags

Sightings

Nomenclature