exploit the possibilities

Netgear DGN2200 / DGND3700 / WNDR4500 Information Disclosure

Netgear DGN2200 / DGND3700 / WNDR4500 Information Disclosure
Posted Jan 3, 2017
Authored by Mandar Jadhav

Netgear models DGN2200, DGND3700, and WNDR4500 suffer from multiple information disclosure vulnerabilities, one of which leaks the admin password.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2016-5638, CVE-2016-5649
MD5 | 772248b8e8b56e15f9e9d0616934765b

Netgear DGN2200 / DGND3700 / WNDR4500 Information Disclosure

Change Mirror Download
# Title: Netgear DGN2200, DGND3700 and WNDR4500 Multiple Information Disclosure Vulnerabilities
# Author: Mandar jadhav
# Vendor Homepage: https://www.netgear.com/
# CVE's : CVE-2016-5649, CVE-2016-5638

1. Admin password disclosure (CVE-2016-5649)
A vulnerability is in the 'BSW_cxttongr.htm' page which can allow a remote
attacker to access this page without any authentication. When processed, it
exposes adminas password in clear text before it gets redirected to
absw_vfysucc.cgia. An attacker can use this password to gain administrator
access of the targeted routeras web interface.

Affected Models:
Netgear DGN2200 running firmware version DGN2200-V1.0.0.50_7.0.50
Netgear DGND3700 running firmware version DGND3700-V1.0.0.17_1.0.17

Solution:
Netgear has released firmware version 1.0.0.52 for DGN2200 & 1.0.0.28 for
DGND3700 to address this issue

2. SSID & wireless key Disclosure (CVE-2016-5638)
There are few web pages associated with the genie app. Genie app adds some
capabilities over the Web GUI and can be accessed even when you are away
from home. A remote attacker can access genie_ping.htm or genie_ping2.htm
or genie_ping3.htm page without authentication. Once accessed, the page
will be redirected to the aCongratulations2.htma page, which reveals some
sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID)
and Network Key (Password) in clear text.

Affected Models:
Netgear WNDR4500 running firmware version V1.0.1.40_1.0.68

Solution:
WNDR4500v1 has reached the End of Life so Netgear wonat be releasing any
updates for this.

## History

23.06.2016 - Initial contact to Netgear
24.06.2016 - Reported all details to Netgear
01.07.2016 - Email sent to Netgear asking for status update, no response
14.07.2016 - Email sent to Netgear asking for status update, no response
26.07.2016 - Netgear confirms findings
31.08.2016 - Email sent to Netgear asking for status update
02.09.2016 - Received reply from Netgear that they will be releasing a fix
for this
23.12.2016 - Netgear informs that vulnerability has been fixed in the new
version


Thanks,

Mandar
Login or Register to add favorites

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close