NETGEAR WNR1000 'Image' Request Authentication Bypass Vulnerability Network Vulnerability

Summary

This host is running with NETGEAR WNR1000 and prone to authentication bypass vulnerability.

Impact

Successful exploitation will allow attackers to gain administrative access, circumventing existing authentication mechanisms. Impact Level: Application

Solution

Upgrade to NETGEAR with firmware version 1.0.2.60 or later, For updates refer to http://www.netgear.com

Insight

The web server skipping authentication for certain requests that contain a '.jpg' substring. With a specially crafted URL, a remote attacker can bypass authentication and gain access to the device configuration.

Affected

NETGEAR WNR1000v3, firmware version prior to 1.0.2.60

References

http://packetstormsecurity.com/files/121025
http://seclists.org/bugtraq/2013/Apr/5
http://www.exploit-db.com/exploits/24916
http://www.osvdb.org/91871

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

VMware Product(s) Local Privilege Escalation Vulnerability
Changetrack Local Privilege Escalation Vulnerability
Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows)
Multiple Brickcom Devices Authentication Bypass Vulnerability
VMAX Web Viewer Default Credentials Authentication Bypass Vulnerability

Take action and discover your vulnerabilities