VAR-200708-0254

Vulnerability from variot - Updated: 2023-12-18 13:58

NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access. ReadyNAS is a direct-attached storage device based on Linux and debian-sparc platforms.

ReadyNAS has two users enabled by default: admin (default password infrant1) and root. Each time the device starts, a hard-coded algorithm generates the root password as a hash of the Ethernet MAC address, the software version number and a shared secret. The root password cannot be changed permanently: it is reset every time the device starts.

The ReadyNAS device boots from the built-in flash memory, and the Linux kernel and the initrd image are in this flash memory. At startup, the initrd image will look for the installed hard disk and initialize it. If an uninitialized hard disk is found, it will be added to the RAID array. A part of the hard disk will be used as the root file system. A tarball stored in the flash will initialize it.

After loading the rootfs, some consistency checks are performed, and some important configuration files are encrypted and backed up. These files cannot be changed without decryption.

At startup, the /linuxrc file in the initrd image is executed first. It contains the following:

--------------

SEED1=`/sysroot/sbin/ifconfig eth0 | grep HWaddr | sed -e 's/.*HWaddr //' -e 's/ //g'`

SEED2=`cut -f2 -d= /sysroot/etc/raidiator_version | cut -f1 -d,`

[EDIT: removed SEED3 as friendly requested by vendor]

echo "root:`echo \"$SEED1$SEED2$SEED3\" | md5sum | cut -f1 -d ' '`" | chpasswd

# TAKE ME OUT !!

[ -s /sysroot/.os_passwd ] && echo "root:`/sysroot/usr/bin/head -1 /sysroot/.os_passwd`" | chpasswd

#################

/sysroot/bin/mv /etc/passwd /sysroot/etc/passwd 2>$ERR

rm -rf /sysroot/etc/hosts_equiv /sysroot/root/.rhosts /sysroot/root/.ssh/* 2>$ERR

--------------

The password is the MD5 hash of the following components:

a.) MAC address obtained from ifconfig

b.) Software version number read from /etc/raidiator_version

c.) Shared secret held in SEED3

Even though the root password varies from device to device (the MAC address is part of the hash), it is still not secret. First, if the NAS device is on the local LAN, its MAC address can be queried with an ARP request. Second, the default host name is nas-xx-yy-zz (which can be displayed on the HTTPS-based interface), where xx, yy and zz are the last 3 octets of the MAC address. Finally, the software version can be determined by brute-force guessing.

Successfully exploiting this issue allows remote attackers to gain superuser-level access to affected devices. This issue affects devices with firmware versions 3.01c1-p1 and 3.01c1-p6 installed; other versions may also be affected.
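A firmware-review check for the pattern described above, added here as an example and not part of the original advisory or the vendor's code: it traces which shell variables reach chpasswd and reports a credential whose inputs are all values an outsider can learn. The source patterns, the function names and the second sample script are assumptions made for illustration.

```python
import re

# Values a third party can observe or enumerate. Deriving a credential only
# from these makes it predictable. (Pattern list is an assumption.)
PREDICTABLE = {
    "MAC address": re.compile(r"\bifconfig\b|\bHWaddr\b|/sys/class/net/\S+/address"),
    "firmware version": re.compile(r"/etc/\S*version\b"),
    "hostname": re.compile(r"\bhostname\b"),
}
RANDOM = re.compile(r"/dev/u?random")
ASSIGN = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
VAR_REF = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")
SINK = re.compile(r"\|\s*chpasswd\b")  # data piped into chpasswd sets a password


def classify(text, env):
    """Return (predictable labels, uses randomness, unresolved variables)."""
    labels = {name for name, rx in PREDICTABLE.items() if rx.search(text)}
    has_random = bool(RANDOM.search(text))
    unresolved = set()
    for var in VAR_REF.findall(text):
        if var in env:
            var_labels, var_random = env[var]
            labels |= var_labels
            has_random = has_random or var_random
        else:
            unresolved.add(var)
    return labels, has_random, unresolved


def audit(script):
    """Flag chpasswd lines fed only by predictable inputs."""
    env, findings = {}, []
    for lineno, line in enumerate(script.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = ASSIGN.match(line)
        if m:  # remember where each variable's value comes from
            labels, has_random, _ = classify(m.group(2), env)
            env[m.group(1)] = (labels, has_random)
            continue
        if SINK.search(line):
            labels, has_random, unresolved = classify(line, env)
            if labels and not has_random:
                findings.append({"line": lineno,
                                 "inputs": sorted(labels),
                                 "unresolved": sorted(unresolved)})
    return findings


# The excerpt quoted in this advisory (SEED3 is not defined in it).
PAGE_SCRIPT = r"""SEED1=`/sysroot/sbin/ifconfig eth0 | grep HWaddr | sed -e 's/.*HWaddr //' -e 's/ //g'`
SEED2=`cut -f2 -d= /sysroot/etc/raidiator_version | cut -f1 -d,`
# SEED3 assignment is absent from the published excerpt
echo "root:`echo \"$SEED1$SEED2$SEED3\" | md5sum | cut -f1 -d ' '`" | chpasswd
[ -s /sysroot/.os_passwd ] && echo "root:`/sysroot/usr/bin/head -1 /sysroot/.os_passwd`" | chpasswd
"""

# Constructed contrast (not the vendor's fix): the value comes from the kernel RNG.
RANDOM_VARIANT = r"""PW=`head -c 18 /dev/urandom | base64`
echo "root:$PW" | chpasswd
"""

if __name__ == "__main__":
    for name, script in (("page excerpt", PAGE_SCRIPT), ("random variant", RANDOM_VARIANT)):
        print(name, audit(script))
```

The unresolved list matters in review: a variable such as SEED3 that is set elsewhere in the image is usually a constant shared by every unit, so it adds nothing that differs per device.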




TITLE: Infrant ReadyNAS Devices SSH Default Root Password Weakness

SECUNIA ADVISORY ID: SA26442

VERIFY ADVISORY: http://secunia.com/advisories/26442/

CRITICAL: Not critical

IMPACT: Security Bypass

WHERE:

From remote

OPERATING SYSTEM: Infrant ReadyNAS Devices 3.x http://secunia.com/product/15287/

DESCRIPTION: Brian Chapados and Felix Domke have reported a weakness in Infrant ReadyNAS devices, which can be exploited by malicious people to bypass certain security restrictions.

The problem is that the device includes an SSH daemon that cannot be disabled and that the password for the SSH root account on the device is generated using certain device-specific values (e.g. MAC address, serial number, version number) and cannot be changed permanently.

The weakness is reported in ReadyNAS devices with RAIDiator 3.01c1-p1, 3.01c1-p6.

SOLUTION: The vendor has provided the ToggleSSH add-on to disable/enable SSH on the device and has released RAIDiator 4.00b2-p2-T1 beta version, which has SSH disabled by default.

http://www.infrant.com/download/addons/ToggleSSH_1.0.bin
http://www.infrant.com/beta/raidiator/4.0/RAIDiator-4.00b2-p2-T1

PROVIDED AND/OR DISCOVERED BY: Brian Chapados and Felix Domke

ORIGINAL ADVISORY: Infrant Technologies:
http://www.infrant.com/forum/viewtopic.php?t=12313
http://www.infrant.com/forum/viewtopic.php?t=12249



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200708-0254",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "readynas raidiator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netgear",
        "version": "3.01c1-p6"
      },
      {
        "model": "readynas raidiator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netgear",
        "version": "3.01c1-p1"
      },
      {
        "model": "readynas raidiator",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "net gear",
        "version": "4.00b2-p2-t1 beta"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.6,
        "vendor": "none",
        "version": null
      },
      {
        "model": "readynas raidiator 3.01c1-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "netgear",
        "version": null
      },
      {
        "model": "readynas raidiator 3.01c1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "netgear",
        "version": null
      },
      {
        "model": "readynas raidiator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netgear",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-4989"
      },
      {
        "db": "BID",
        "id": "25290"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:netgear:readynas_raidiator:3.01c1-p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:netgear:readynas_raidiator:3.01c1-p6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brian Chapados                                                          brian@chapados.org                                                         Felix Domke                                                          tmbinc@elitedvb.net",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-4361",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-4361",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-27723",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-4361",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200708-247",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-27723",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access. ReadyNAS is a direct-attached storage device based on Linux and debian-sparc platforms. \n\n\u00a0ReadyNAS has two users enabled by default, one is admin (the default password is infrant1) and the other is root. Each time it starts, it uses a hard-coded algorithm to generate the root password, which uses the Ethernet MAC address and software version number. And a hash of the shared secret. The root password cannot be changed permanently, so it is reset every time it is started. \n\n\u00a0The ReadyNAS device boots from the built-in flash memory, and the Linux kernel and the initrd image are in this flash memory. At startup, the initrd image will look for the installed hard disk and initialize it. If an uninitialized hard disk is found, it will be added to the RAID array. A part of the hard disk will be used as the root file system. A tarball stored in the flash will initialize it. \n\n\u00a0After loading the rootfs, some consistency checks are performed, and some important configuration files are encrypted and backed up. These files cannot be changed without decryption. 
\n\n\u00a0At startup, the / linuxrc file in the initrd image is first executed as follows:\n\n\u00a0--------------\n\n\u00a0SEED1 = `/ sysroot / sbin / ifconfig eth0 | grep HWaddr | sed -e \u0027s /.* HWaddr //\u0027\n\n\u00a0--e \u0027s / // g\u0027`\n\n\u00a0SEED2 = `cut -f2 -d = / sysroot / etc / raidiator_version | cut -f1 -d,`\n\n\u00a0[* EDIT *: removed SEED3 as friendly requested by vendor]\n\n\u00a0echo \"root:` echo \\ \"$ SEED1 $ SEED2 $ SEED3 \\\" | md5sum | cut -f1 -d \u0027\u0027 `\" |\n\n\u00a0chpasswd\n\n\u00a0# TAKE ME OUT !!\n\n\u00a0[-s /sysroot/.os_passwd] \u0026\u0026 echo \"root:` / sysroot / usr / bin / head -1\n\n\u00a0/ sysroot / .os_passwd` \"| chpasswd\n\n\u00a0#################\n\n\u00a0/ sysroot / bin / mv / etc / passwd / sysroot / etc / passwd 2\u003e $ ERR\n\n\u00a0rm -rf / sysroot / etc / hosts_equiv /sysroot/root/.rhosts\n\n\u00a0/sysroot/root/.ssh/* 2\u003e $ ERR\n\n\u00a0--------------\n\n\u00a0The password is initialized by md5 and the following components:\n\n\u00a0a.) MAC address obtained from ifconfig\n\n\u00a0b.) Software version number read from / etc / raidiator_version\n\n\u00a0c.) Shared keychain in SEED3\n\n\u00a0Even though the root password varies from device to device (the MAC address is also part of the hash), it is still not secret. First, if the NAS device is in the local LAN, you can query the MAC address through ARP request. Second, the default host name is nas-xx-yy-zz (which can be displayed on the https-based interface), and xx, yy, zz It is the last 3 octal digits of the MAC address; finally, the version of the software can be determined by brute force guessing. \nSuccessfully exploiting this issue allows remote attackers to gain superuser-level access to affected devices. \nThis issue affects devices with firmware versions 3.01c1-p1 and 3.01c1-p6 installed; other versions may also be affected. 
\n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nInfrant ReadyNAS Devices SSH Default Root Password Weakness\n\nSECUNIA ADVISORY ID:\nSA26442\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26442/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nInfrant ReadyNAS Devices 3.x\nhttp://secunia.com/product/15287/\n\nDESCRIPTION:\nBrian Chapados and Felix Domke have reported a weakness in Infrant\nReadyNAS devices, which can be exploited by malicious people to\nbypass certain security restrictions. \n\nThe problem is that the device includes an SSH daemon that cannot be\ndisabled and that the password for the SSH root account on the device\nis generated using certain device-specific values (e.g. MAC address,\nserial number, version number) and cannot be changed permanently. \n\nThe weakness is reported in ReadyNAS devices with RAIDiator\n3.01c1-p1, 3.01c1-p6. \n\nSOLUTION:\nThe vendor has provided the ToggleSSH add-on to disable/enable SSH on\nthe device and has released RAIDiator 4.00b2-p2-T1 beta version, which\nhas SSH disabled by default. 
\n\nhttp://www.infrant.com/download/addons/ToggleSSH_1.0.bin\nhttp://www.infrant.com/beta/raidiator/4.0/RAIDiator-4.00b2-p2-T1\n\nPROVIDED AND/OR DISCOVERED BY:\nBrian Chapados and Felix Domke\n\nORIGINAL ADVISORY:\nInfrant Technologies:\nhttp://www.infrant.com/forum/viewtopic.php?t=12313\nhttp://www.infrant.com/forum/viewtopic.php?t=12249\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2007-4989"
      },
      {
        "db": "BID",
        "id": "25290"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27723"
      },
      {
        "db": "PACKETSTORM",
        "id": "58544"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-4361",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "25290",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "26442",
        "trust": 1.8
      },
      {
        "db": "SREASON",
        "id": "3017",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "36357",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2007-4989",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20070813 DEFAULT ROOT PASSWORD IN INFRANT (NOW NETGEAR) READYNAS \"RAIDIATOR\"",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "36011",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-27723",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58544",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-4989"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27723"
      },
      {
        "db": "BID",
        "id": "25290"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "db": "PACKETSTORM",
        "id": "58544"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ]
  },
  "id": "VAR-200708-0254",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27723"
      }
    ],
    "trust": 0.7666666999999999
  },
  "last_update_date": "2023-12-18T13:58:19.473000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.netgear.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.infrant.com/forum/viewtopic.php?t=12313"
      },
      {
        "trust": 1.8,
        "url": "http://www.infrant.com/forum/viewtopic.php?t=12249"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/25290"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/36357"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26442"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/3017"
      },
      {
        "trust": 1.6,
        "url": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/476266/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36011"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4361"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4361"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/476266/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/36011"
      },
      {
        "trust": 0.3,
        "url": "http://www.infrant.com/products/products.php"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/476266"
      },
      {
        "trust": 0.1,
        "url": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026amp;start=30"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15287/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.infrant.com/download/addons/togglessh_1.0.bin"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26442/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.infrant.com/beta/raidiator/4.0/raidiator-4.00b2-p2-t1"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27723"
      },
      {
        "db": "BID",
        "id": "25290"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "db": "PACKETSTORM",
        "id": "58544"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-4989"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27723"
      },
      {
        "db": "BID",
        "id": "25290"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "db": "PACKETSTORM",
        "id": "58544"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-08-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2007-4989"
      },
      {
        "date": "2007-08-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27723"
      },
      {
        "date": "2007-08-13T00:00:00",
        "db": "BID",
        "id": "25290"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "date": "2007-08-14T17:37:33",
        "db": "PACKETSTORM",
        "id": "58544"
      },
      {
        "date": "2007-08-15T19:17:00",
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "date": "2007-08-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-08-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2007-4989"
      },
      {
        "date": "2018-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27723"
      },
      {
        "date": "2015-05-07T17:36:00",
        "db": "BID",
        "id": "25290"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-004281"
      },
      {
        "date": "2018-10-15T21:34:51.137000",
        "db": "NVD",
        "id": "CVE-2007-4361"
      },
      {
        "date": "2007-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NETGEAR ReadyNAS RAIDiator default root user password vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-4989"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "25290"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-247"
      }
    ],
    "trust": 0.9
  }
}

