VAR-201807-0039
Vulnerability from variot - Updated: 2023-12-18 12:01There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text. Netgear WNDR4500 Firmware contains an information disclosure vulnerability.Information may be obtained. The NetgearWNDR4500 is a wireless router product from NetGear. # Title: Netgear DGN2200, DGND3700 and WNDR4500 Multiple Information Disclosure Vulnerabilities
Author: Mandar jadhav
Vendor Homepage: https://www.netgear.com/
CVE's : CVE-2016-5649, CVE-2016-5638
- When processed, it exposes adminas password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access of the targeted routeras web interface.
History
23.06.2016 - Initial contact to Netgear 24.06.2016 - Reported all details to Netgear 01.07.2016 - Email sent to Netgear asking for status update, no response 14.07.2016 - Email sent to Netgear asking for status update, no response 26.07.2016 - Netgear confirms findings 31.08.2016 - Email sent to Netgear asking for status update 02.09.2016 - Received reply from Netgear that they will be releasing a fix for this 23.12.2016 - Netgear informs that vulnerability has been fixed in the new version
Thanks,
Mandar
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndr4500",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.40_1.0.6877"
},
{
"model": "wndr4500",
"scope": "eq",
"trust": 0.8,
"vendor": "net gear",
"version": "v1.0.1.40_1.0.6877."
},
{
"model": "wndr4500 1.0.1.40 1.0.6877",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "NVD",
"id": "CVE-2016-5638"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndr4500_firmware:1.0.1.40_1.0.6877:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndr4500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5638"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Jadhav",
"sources": [
{
"db": "PACKETSTORM",
"id": "140342"
}
],
"trust": 0.1
},
"cve": "CVE-2016-5638",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-5638",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-13982",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-94457",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5638",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5638",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-13982",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1809",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-94457",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-5638",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "VULHUB",
"id": "VHN-94457"
},
{
"db": "VULMON",
"id": "CVE-2016-5638"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "NVD",
"id": "CVE-2016-5638"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz \u0026 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text. Netgear WNDR4500 Firmware contains an information disclosure vulnerability.Information may be obtained. The NetgearWNDR4500 is a wireless router product from NetGear. # Title: Netgear DGN2200, DGND3700 and WNDR4500 Multiple Information Disclosure Vulnerabilities\n# Author: Mandar jadhav\n# Vendor Homepage: https://www.netgear.com/\n# CVE\u0027s : CVE-2016-5649, CVE-2016-5638\n\n1. When processed, it\nexposes adminas password in clear text before it gets redirected to\nabsw_vfysucc.cgia. An attacker can use this password to gain administrator\naccess of the targeted routeras web interface. \n\n## History\n\n23.06.2016 - Initial contact to Netgear\n24.06.2016 - Reported all details to Netgear\n01.07.2016 - Email sent to Netgear asking for status update, no response\n14.07.2016 - Email sent to Netgear asking for status update, no response\n26.07.2016 - Netgear confirms findings\n31.08.2016 - Email sent to Netgear asking for status update\n02.09.2016 - Received reply from Netgear that they will be releasing a fix\nfor this\n23.12.2016 - Netgear informs that vulnerability has been fixed in the new\nversion\n\n\nThanks,\n\nMandar\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5638"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "VULHUB",
"id": "VHN-94457"
},
{
"db": "VULMON",
"id": "CVE-2016-5638"
},
{
"db": "PACKETSTORM",
"id": "140342"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5638",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "140342",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-13982",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-94457",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5638",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "VULHUB",
"id": "VHN-94457"
},
{
"db": "VULMON",
"id": "CVE-2016-5638"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "PACKETSTORM",
"id": "140342"
},
{
"db": "NVD",
"id": "CVE-2016-5638"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
]
},
"id": "VAR-201807-0039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "VULHUB",
"id": "VHN-94457"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
}
]
},
"last_update_date": "2023-12-18T12:01:47.040000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.netgear.com/"
},
{
"title": "Patch for NetgearWNDR4500 Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/135397"
},
{
"title": "Netgear WNDR4500 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82593"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94457"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "NVD",
"id": "CVE-2016-5638"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://packetstormsecurity.com/files/140342/netgear-dgn2200-dgnd3700-wndr4500-information-disclosure.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5638"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5638"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5649"
},
{
"trust": 0.1,
"url": "https://www.netgear.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "VULHUB",
"id": "VHN-94457"
},
{
"db": "VULMON",
"id": "CVE-2016-5638"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "PACKETSTORM",
"id": "140342"
},
{
"db": "NVD",
"id": "CVE-2016-5638"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "VULHUB",
"id": "VHN-94457"
},
{
"db": "VULMON",
"id": "CVE-2016-5638"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"db": "PACKETSTORM",
"id": "140342"
},
{
"db": "NVD",
"id": "CVE-2016-5638"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"date": "2018-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-94457"
},
{
"date": "2018-07-24T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5638"
},
{
"date": "2018-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"date": "2017-01-03T10:11:11",
"db": "PACKETSTORM",
"id": "140342"
},
{
"date": "2018-07-24T15:29:00.233000",
"db": "NVD",
"id": "CVE-2016-5638"
},
{
"date": "2018-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-94457"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5638"
},
{
"date": "2018-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009238"
},
{
"date": "2019-10-09T23:18:53.720000",
"db": "NVD",
"id": "CVE-2016-5638"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear WNDR4500 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13982"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1809"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…