what you don't know can hurt you

Netgear DGN2200 / DGND3700 / WNDR4500 Information Disclosure

Netgear DGN2200 / DGND3700 / WNDR4500 Information Disclosure
Posted Jan 3, 2017
Authored by Mandar Jadhav

Netgear models DGN2200, DGND3700, and WNDR4500 suffer from multiple information disclosure vulnerabilities, one of which leaks the admin password.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2016-5638, CVE-2016-5649
MD5 | 772248b8e8b56e15f9e9d0616934765b

Netgear DGN2200 / DGND3700 / WNDR4500 Information Disclosure

Change Mirror Download
# Title: Netgear DGN2200, DGND3700 and WNDR4500 Multiple Information Disclosure Vulnerabilities
# Author: Mandar jadhav
# Vendor Homepage: https://www.netgear.com/
# CVE's : CVE-2016-5649, CVE-2016-5638

1. Admin password disclosure (CVE-2016-5649)
A vulnerability is in the 'BSW_cxttongr.htm' page which can allow a remote
attacker to access this page without any authentication. When processed, it
exposes adminas password in clear text before it gets redirected to
absw_vfysucc.cgia. An attacker can use this password to gain administrator
access of the targeted routeras web interface.

Affected Models:
Netgear DGN2200 running firmware version DGN2200-V1.0.0.50_7.0.50
Netgear DGND3700 running firmware version DGND3700-V1.0.0.17_1.0.17

Solution:
Netgear has released firmware version 1.0.0.52 for DGN2200 & 1.0.0.28 for
DGND3700 to address this issue

2. SSID & wireless key Disclosure (CVE-2016-5638)
There are few web pages associated with the genie app. Genie app adds some
capabilities over the Web GUI and can be accessed even when you are away
from home. A remote attacker can access genie_ping.htm or genie_ping2.htm
or genie_ping3.htm page without authentication. Once accessed, the page
will be redirected to the aCongratulations2.htma page, which reveals some
sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID)
and Network Key (Password) in clear text.

Affected Models:
Netgear WNDR4500 running firmware version V1.0.1.40_1.0.68

Solution:
WNDR4500v1 has reached the End of Life so Netgear wonat be releasing any
updates for this.

## History

23.06.2016 - Initial contact to Netgear
24.06.2016 - Reported all details to Netgear
01.07.2016 - Email sent to Netgear asking for status update, no response
14.07.2016 - Email sent to Netgear asking for status update, no response
26.07.2016 - Netgear confirms findings
31.08.2016 - Email sent to Netgear asking for status update
02.09.2016 - Received reply from Netgear that they will be releasing a fix
for this
23.12.2016 - Netgear informs that vulnerability has been fixed in the new
version


Thanks,

Mandar
Login or Register to add favorites

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    14 Files
  • 23
    Oct 23rd
    3 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    33 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close