what you don't know can hurt you

Netgear DGN2200 / DGND3700 / WNDR4500 Information Disclosure

Netgear DGN2200 / DGND3700 / WNDR4500 Information Disclosure
Posted Jan 3, 2017
Authored by Mandar Jadhav

Netgear models DGN2200, DGND3700, and WNDR4500 suffer from multiple information disclosure vulnerabilities, one of which leaks the admin password.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2016-5638, CVE-2016-5649
MD5 | 772248b8e8b56e15f9e9d0616934765b

Netgear DGN2200 / DGND3700 / WNDR4500 Information Disclosure

Change Mirror Download
# Title: Netgear DGN2200, DGND3700 and WNDR4500 Multiple Information Disclosure Vulnerabilities
# Author: Mandar jadhav
# Vendor Homepage: https://www.netgear.com/
# CVE's : CVE-2016-5649, CVE-2016-5638

1. Admin password disclosure (CVE-2016-5649)
A vulnerability is in the 'BSW_cxttongr.htm' page which can allow a remote
attacker to access this page without any authentication. When processed, it
exposes adminas password in clear text before it gets redirected to
absw_vfysucc.cgia. An attacker can use this password to gain administrator
access of the targeted routeras web interface.

Affected Models:
Netgear DGN2200 running firmware version DGN2200-V1.0.0.50_7.0.50
Netgear DGND3700 running firmware version DGND3700-V1.0.0.17_1.0.17

Solution:
Netgear has released firmware version 1.0.0.52 for DGN2200 & 1.0.0.28 for
DGND3700 to address this issue

2. SSID & wireless key Disclosure (CVE-2016-5638)
There are few web pages associated with the genie app. Genie app adds some
capabilities over the Web GUI and can be accessed even when you are away
from home. A remote attacker can access genie_ping.htm or genie_ping2.htm
or genie_ping3.htm page without authentication. Once accessed, the page
will be redirected to the aCongratulations2.htma page, which reveals some
sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID)
and Network Key (Password) in clear text.

Affected Models:
Netgear WNDR4500 running firmware version V1.0.1.40_1.0.68

Solution:
WNDR4500v1 has reached the End of Life so Netgear wonat be releasing any
updates for this.

## History

23.06.2016 - Initial contact to Netgear
24.06.2016 - Reported all details to Netgear
01.07.2016 - Email sent to Netgear asking for status update, no response
14.07.2016 - Email sent to Netgear asking for status update, no response
26.07.2016 - Netgear confirms findings
31.08.2016 - Email sent to Netgear asking for status update
02.09.2016 - Received reply from Netgear that they will be releasing a fix
for this
23.12.2016 - Netgear informs that vulnerability has been fixed in the new
version


Thanks,

Mandar
Login or Register to add favorites

File Archive:

June 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    10 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    15 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close