Описание
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 1.0.11.116_10.2.100 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP requests. The issue results from the lack of proper authentication verification before performing a password reset. An attacker can leverage this vulnerability to reset the admin password. Was ZDI-CAN-13483.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Одновременно
EPSS
8.8 High
CVSS3
8.8 High
CVSS3
5.8 Medium
CVSS2
Дефекты
Связанные уязвимости
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 1.0.11.116_10.2.100 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP requests. The issue results from the lack of proper authentication verification before performing a password reset. An attacker can leverage this vulnerability to reset the admin password. Was ZDI-CAN-13483.
Уязвимость микропрограммного обеспечения Wi-Fi роутеров NETGEAR D7000v2, R6400, R6400v2, R6700v3, R6900P, R7000, R7000P, R8300, R8500, RS400, XR300, связанная с недостатками процедуры аутентификации перед выполнением сброса пароля, позволяющая нарушителю изменить пароль администратора
EPSS
8.8 High
CVSS3
8.8 High
CVSS3
5.8 Medium
CVSS2