cvelistv5 - cve-2016-5649

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:08:00.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DGN2200",
          "vendor": "Netgear",
          "versions": [
            {
              "status": "affected",
              "version": "DGN2200-V1.0.0.50_7.0.50"
            }
          ]
        },
        {
          "product": "DGND3700",
          "vendor": "Netgear",
          "versions": [
            {
              "status": "affected",
              "version": "DGND3700-V1.0.0.17_1.0.17"
            }
          ]
        }
      ],
      "datePublic": "2017-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-30T17:06:08",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Netgear has released firmware version 1.0.0.52 for DGN2200 \u0026 1.0.0.28 for DGND3700 to address this issue."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Netgear DGN2200 and DGND3700 disclose the administrator password",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5649",
          "STATE": "PUBLIC",
          "TITLE": "Netgear DGN2200 and DGND3700 disclose the administrator password"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DGN2200",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "DGN2200-V1.0.0.50_7.0.50",
                            "version_value": "DGN2200-V1.0.0.50_7.0.50"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "DGND3700",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "DGND3700-V1.0.0.17_1.0.17",
                            "version_value": "DGND3700-V1.0.0.17_1.0.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Netgear"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Netgear has released firmware version 1.0.0.52 for DGN2200 \u0026 1.0.0.28 for DGND3700 to address this issue."
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-5649",
    "datePublished": "2018-07-24T15:00:00",
    "dateReserved": "2016-06-16T00:00:00",
    "dateUpdated": "2024-08-06T01:08:00.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.50_7.0.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80499893-9115-49DD-95B9-86FB0DCBA8B7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37C89394-ED7D-4C5F-9573-47A0378E22C8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netgear:dgnd3700_firmware:1.0.0.17_1.0.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EDC70D5-1652-4EBD-9ADE-83B3B5AD6861\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEC17F51-BDB8-4B30-B5E9-557CBDFDE785\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface.\"}, {\"lang\": \"es\", \"value\": \"Hay una vulnerabilidad en la p\\u00e1gina \\\"BSW_cxttongr.htm\\\" de Netgear DGN2200, en su versi\\u00f3n DGN2200-V1.0.0.50_7.0.50 y DGND3700, en su versi\\u00f3n DGND3700-V1.0.0.17_1.0.17, que puede permitir que un atacante remoto acceda a esta p\\u00e1gina sin ning\\u00fan tipo de autenticaci\\u00f3n. Al procesarse, expone la contrase\\u00f1a de administrador en texto claro antes de que se redirija a absw_vfysucc.cgia. Un atacante puede emplear esta contrase\\u00f1a para obtener acceso de administrador a la interfaz web del router objetivo.\"}]",
      "id": "CVE-2016-5649",
      "lastModified": "2024-11-21T02:54:45.767",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-07-24T15:29:00.280",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html\", \"source\": \"cret@cert.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cret@cert.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-319\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-5649\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-07-24T15:29:00.280\",\"lastModified\":\"2024-11-21T02:54:45.767\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface.\"},{\"lang\":\"es\",\"value\":\"Hay una vulnerabilidad en la p\u00e1gina \\\"BSW_cxttongr.htm\\\" de Netgear DGN2200, en su versi\u00f3n DGN2200-V1.0.0.50_7.0.50 y DGND3700, en su versi\u00f3n DGND3700-V1.0.0.17_1.0.17, que puede permitir que un atacante remoto acceda a esta p\u00e1gina sin ning\u00fan tipo de autenticaci\u00f3n. Al procesarse, expone la contrase\u00f1a de administrador en texto claro antes de que se redirija a absw_vfysucc.cgia. Un atacante puede emplear esta contrase\u00f1a para obtener acceso de administrador a la interfaz web del router objetivo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.50_7.0.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80499893-9115-49DD-95B9-86FB0DCBA8B7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37C89394-ED7D-4C5F-9573-47A0378E22C8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:dgnd3700_firmware:1.0.0.17_1.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EDC70D5-1652-4EBD-9ADE-83B3B5AD6861\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEC17F51-BDB8-4B30-B5E9-557CBDFDE785\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CNVD-2018-17646

Vulnerability from cnvd - Published: 2018-09-06

Title

Netgear DGN2200信息泄露漏洞

Description

NETGEAR DGN2200是美国网件（NETGEAR）公司的一款无线路由器产品。 Netgear DGN2200 DGN2200-V1.0.0.50_7.0.50版本和DGND3700 DGND3700-V1.0.0.17_1.0.17版本中的BSW_cxttongr.htm页面存在信息泄露漏洞。远程攻击者可利用该漏洞未经认证访问该页面，泄露明文形式的管理员密码，获取目标路由器Web界面的管理员权限。

Severity

中

Patch Name

Netgear DGN2200信息泄露漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.netgear.com/

Reference

https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html

Impacted products

Name
['NETGEAR DGN2200 1.0.0.50_7.0.50', 'NETGEAR DGND3700 1.0.0.17_1.0.17']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-5649"
    }
  },
  "description": "NETGEAR DGN2200\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08NETGEAR\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nNetgear DGN2200 DGN2200-V1.0.0.50_7.0.50\u7248\u672c\u548cDGND3700 DGND3700-V1.0.0.17_1.0.17\u7248\u672c\u4e2d\u7684BSW_cxttongr.htm\u9875\u9762\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u7ecf\u8ba4\u8bc1\u8bbf\u95ee\u8be5\u9875\u9762\uff0c\u6cc4\u9732\u660e\u6587\u5f62\u5f0f\u7684\u7ba1\u7406\u5458\u5bc6\u7801\uff0c\u83b7\u53d6\u76ee\u6807\u8def\u7531\u5668Web\u754c\u9762\u7684\u7ba1\u7406\u5458\u6743\u9650\u3002",
  "discovererName": "Mandar jadhav",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.netgear.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-17646",
  "openTime": "2018-09-06",
  "patchDescription": "NETGEAR DGN2200\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08NETGEAR\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nNetgear DGN2200 DGN2200-V1.0.0.50_7.0.50\u7248\u672c\u548cDGND3700 DGND3700-V1.0.0.17_1.0.17\u7248\u672c\u4e2d\u7684BSW_cxttongr.htm\u9875\u9762\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u7ecf\u8ba4\u8bc1\u8bbf\u95ee\u8be5\u9875\u9762\uff0c\u6cc4\u9732\u660e\u6587\u5f62\u5f0f\u7684\u7ba1\u7406\u5458\u5bc6\u7801\uff0c\u83b7\u53d6\u76ee\u6807\u8def\u7531\u5668Web\u754c\u9762\u7684\u7ba1\u7406\u5458\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Netgear DGN2200\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "NETGEAR DGN2200 1.0.0.50_7.0.50",
      "NETGEAR DGND3700 1.0.0.17_1.0.17"
    ]
  },
  "referenceLink": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html",
  "serverity": "\u4e2d",
  "submitTime": "2018-07-26",
  "title": "Netgear DGN2200\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

VAR-201807-0040

Vulnerability from variot - Updated: 2023-12-18 12:01

A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface. Netgear DGN2200 and DGND3700 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The NETGEAR DGN2200 is a wireless router product from NETGEAR.

Affected Models: Netgear DGN2200 running firmware version DGN2200-V1.0.0.50_7.0.50 Netgear DGND3700 running firmware version DGND3700-V1.0.0.17_1.0.17

Solution: Netgear has released firmware version 1.0.0.52 for DGN2200 & 1.0.0.28 for DGND3700 to address this issue

SSID & wireless key Disclosure (CVE-2016-5638) There are few web pages associated with the genie app. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text.

Affected Models: Netgear WNDR4500 running firmware version V1.0.1.40_1.0.68

Solution: WNDR4500v1 has reached the End of Life so Netgear wonat be releasing any updates for this.

History

23.06.2016 - Initial contact to Netgear 24.06.2016 - Reported all details to Netgear 01.07.2016 - Email sent to Netgear asking for status update, no response 14.07.2016 - Email sent to Netgear asking for status update, no response 26.07.2016 - Netgear confirms findings 31.08.2016 - Email sent to Netgear asking for status update 02.09.2016 - Received reply from Netgear that they will be releasing a fix for this 23.12.2016 - Netgear informs that vulnerability has been fixed in the new version

Thanks,

Mandar

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0040",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dgn2200",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netgear",
        "version": "1.0.0.50_7.0.50"
      },
      {
        "model": "dgnd3700",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netgear",
        "version": "1.0.0.17_1.0.17"
      },
      {
        "model": "dgn2200",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "net gear",
        "version": "v1.0.0.50_7.0.50"
      },
      {
        "model": "dgnd3700",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "net gear",
        "version": "v1.0.0.17_1.0.17"
      },
      {
        "model": "dgn2200 1.0.0.50 7.0.50",
        "scope": null,
        "trust": 0.6,
        "vendor": "netgear",
        "version": null
      },
      {
        "model": "dgnd3700 1.0.0.17 1.0.17",
        "scope": null,
        "trust": 0.6,
        "vendor": "netgear",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.50_7.0.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:dgnd3700_firmware:1.0.0.17_1.0.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Social Engineering Neo",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-5649",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-5649",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-17646",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-94468",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-5649",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-5649",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-17646",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-1808",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-94468",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-5649",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface. Netgear DGN2200 and DGND3700 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The NETGEAR DGN2200 is a wireless router product from NETGEAR. \n\nAffected Models:\nNetgear DGN2200 running firmware version DGN2200-V1.0.0.50_7.0.50\nNetgear DGND3700 running firmware version DGND3700-V1.0.0.17_1.0.17\n\nSolution:\nNetgear has released firmware version 1.0.0.52 for DGN2200 \u0026 1.0.0.28 for\nDGND3700 to address this issue\n\n2. SSID \u0026 wireless key Disclosure (CVE-2016-5638)\nThere are few web pages associated with the genie app. Genie app adds some\ncapabilities over the Web GUI and can be accessed even when you are away\nfrom home. Once accessed, the page\nwill be redirected to the aCongratulations2.htma page, which reveals some\nsensitive information such as 2.4GHz \u0026 5GHz Wireless Network Name (SSID)\nand Network Key (Password) in clear text. \n\nAffected Models:\nNetgear WNDR4500 running firmware version V1.0.1.40_1.0.68\n\nSolution:\nWNDR4500v1 has reached the End of Life so Netgear wonat be releasing any\nupdates for this. \n\n## History\n\n23.06.2016 - Initial contact to Netgear\n24.06.2016 - Reported all details to Netgear\n01.07.2016 - Email sent to Netgear asking for status update, no response\n14.07.2016 - Email sent to Netgear asking for status update, no response\n26.07.2016 - Netgear confirms findings\n31.08.2016 - Email sent to Netgear asking for status update\n02.09.2016 - Received reply from Netgear that they will be releasing a fix\nfor this\n23.12.2016 - Netgear informs that vulnerability has been fixed in the new\nversion\n\n\nThanks,\n\nMandar\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5649"
      },
      {
        "db": "PACKETSTORM",
        "id": "140342"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-5649",
        "trust": 3.3
      },
      {
        "db": "PACKETSTORM",
        "id": "140342",
        "trust": 3.3
      },
      {
        "db": "PACKETSTORM",
        "id": "152675",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-94468",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5649",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "PACKETSTORM",
        "id": "140342"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ]
  },
  "id": "VAR-201807-0040",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94468"
      }
    ],
    "trust": 1.437701455
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:01:47.005000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.netgear.com/"
      },
      {
        "title": "Patch for Netgear DGN2200 Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/138891"
      },
      {
        "title": "Netgear DGN2200 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82592"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://packetstormsecurity.com/files/140342/netgear-dgn2200-dgnd3700-wndr4500-information-disclosure.html"
      },
      {
        "trust": 2.5,
        "url": "http://packetstormsecurity.com/files/152675/netgear-dgn2200-dgnd3700-admin-password-disclosure.html"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5649"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5649"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5638"
      },
      {
        "trust": 0.1,
        "url": "https://www.netgear.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "PACKETSTORM",
        "id": "140342"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "db": "PACKETSTORM",
        "id": "140342"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "date": "2018-07-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "date": "2018-07-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5649"
      },
      {
        "date": "2018-10-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "date": "2017-01-03T10:11:11",
        "db": "PACKETSTORM",
        "id": "140342"
      },
      {
        "date": "2018-07-24T15:29:00.280000",
        "db": "NVD",
        "id": "CVE-2016-5649"
      },
      {
        "date": "2018-07-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-17646"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94468"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5649"
      },
      {
        "date": "2018-10-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      },
      {
        "date": "2019-10-09T23:18:54.143000",
        "db": "NVD",
        "id": "CVE-2016-5649"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Netgear DGN2200 and  DGND3700 Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009214"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1808"
      }
    ],
    "trust": 0.6
  }
}

GHSA-XGQP-24FP-7V85

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-5649"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-24T15:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface.",
  "id": "GHSA-xgqp-24fp-7v85",
  "modified": "2022-05-13T01:38:47Z",
  "published": "2022-05-13T01:38:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5649"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-5649

Vulnerability from fkie_nvd - Published: 2018-07-24 15:29 - Updated: 2024-11-21 02:54

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cret@cert.org	http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html	Exploit, Third Party Advisory, VDB Entry
cret@cert.org	https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
netgear	dgn2200_firmware	1.0.0.50_7.0.50
netgear	dgn2200	-
netgear	dgnd3700_firmware	1.0.0.17_1.0.17
netgear	dgnd3700	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.50_7.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "80499893-9115-49DD-95B9-86FB0DCBA8B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C89394-ED7D-4C5F-9573-47A0378E22C8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:dgnd3700_firmware:1.0.0.17_1.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EDC70D5-1652-4EBD-9ADE-83B3B5AD6861",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEC17F51-BDB8-4B30-B5E9-557CBDFDE785",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface."
    },
    {
      "lang": "es",
      "value": "Hay una vulnerabilidad en la p\u00e1gina \"BSW_cxttongr.htm\" de Netgear DGN2200, en su versi\u00f3n DGN2200-V1.0.0.50_7.0.50 y DGND3700, en su versi\u00f3n DGND3700-V1.0.0.17_1.0.17, que puede permitir que un atacante remoto acceda a esta p\u00e1gina sin ning\u00fan tipo de autenticaci\u00f3n. Al procesarse, expone la contrase\u00f1a de administrador en texto claro antes de que se redirija a absw_vfysucc.cgia. Un atacante puede emplear esta contrase\u00f1a para obtener acceso de administrador a la interfaz web del router objetivo."
    }
  ],
  "id": "CVE-2016-5649",
  "lastModified": "2024-11-21T02:54:45.767",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-24T15:29:00.280",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-5649

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-5649

Aliases

CVE-2016-5649

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-5649",
    "description": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface.",
    "id": "GSD-2016-5649",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2016-5649"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-5649"
      ],
      "details": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface.",
      "id": "GSD-2016-5649",
      "modified": "2023-12-13T01:21:25.818037Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2016-5649",
        "STATE": "PUBLIC",
        "TITLE": "Netgear DGN2200 and DGND3700 disclose the administrator password"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "DGN2200",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_name": "DGN2200-V1.0.0.50_7.0.50",
                          "version_value": "DGN2200-V1.0.0.50_7.0.50"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "DGND3700",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_name": "DGND3700-V1.0.0.17_1.0.17",
                          "version_value": "DGND3700-V1.0.0.17_1.0.17"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Netgear"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-319"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html",
            "refsource": "MISC",
            "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "Netgear has released firmware version 1.0.0.52 for DGN2200 \u0026 1.0.0.28 for DGND3700 to address this issue."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.50_7.0.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:dgnd3700_firmware:1.0.0.17_1.0.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5649"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability is in the \u0027BSW_cxttongr.htm\u0027 page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router\u0027s web interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:18Z",
      "publishedDate": "2018-07-24T15:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-5649 (GCVE-0-2016-5649)

CNVD-2018-17646

VAR-201807-0040

History

GHSA-XGQP-24FP-7V85

FKIE_CVE-2016-5649

GSD-2016-5649

Tags

Sightings

Nomenclature