Description
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.
References
- Vendor Advisory
- Third Party Advisory, US Government Resource
- Vendor Advisory
- Third Party Advisory, US Government Resource
Vulnerable configurations
Configuration 1
In combination
cpe:2.3:o:netgear:d3600_firmware:1.0.0.49:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*
Configuration 2: versions up to 1.0.0.49 (inclusive)
In combination
cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*
EPSS: 0.00795 (Low)
Percentile: 74%
CVSS3: 7.5 High
CVSS2: 4.3 Medium
Weaknesses
CWE-200
Related vulnerabilities
CVSS3: 7.5
github
more than 3 years ago
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.