NETGEAR WNR1000 'Image' Request Authentication Bypass Vulnerability

Summary
This host is running NETGEAR WNR1000 and is prone to an authentication bypass vulnerability.
Impact
Successful exploitation will allow attackers to gain administrative access, circumventing existing authentication mechanisms. Impact Level: Application
Solution
Upgrade to NETGEAR firmware version 1.0.2.60 or later. For updates, refer to http://www.netgear.com
Insight
The web server skips authentication for certain requests that contain a '.jpg' substring. With a specially crafted URL, a remote attacker can bypass authentication and gain access to the device configuration.
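The flaw described in the Insight, as an added example (not NETGEAR's firmware code): a substring test for '.jpg' beside an exact-path allowlist check. The function names, request paths and allowlist entries are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern: ".jpg" anywhere in the request URL, including the
 * query string, marks the request as a public image. */
bool skip_auth_substring(const char *url)
{
    return strstr(url, ".jpg") != NULL;
}

/* Hypothetical allowlist of files that may be served without login. */
static const char *const PUBLIC_FILES[] = { "/img/logo.jpg", "/img/banner.jpg" };

/* Hardened form: look at the path only (query and fragment cut off) and
 * require an exact match, so no attacker-chosen text can satisfy it. */
bool skip_auth_allowlist(const char *url)
{
    size_t path_len = strcspn(url, "?#");
    size_t n = sizeof(PUBLIC_FILES) / sizeof(PUBLIC_FILES[0]);

    for (size_t i = 0; i < n; i++) {
        if (strlen(PUBLIC_FILES[i]) == path_len &&
            memcmp(url, PUBLIC_FILES[i], path_len) == 0)
            return true;
    }
    return false;
}

int main(void)
{
    /* Constructed sample requests, not taken from the device. */
    const char *samples[] = {
        "/img/logo.jpg", "/img/logo.jpg?v=2",
        "/admin.cgi?x=.jpg", "/admin.cgi/.jpg", "/img/logo.jpg.cgi",
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-22s substring=%d allowlist=%d\n", samples[i],
               skip_auth_substring(samples[i]), skip_auth_allowlist(samples[i]));
    return 0;
}
```

The substring check exempts every sample from authentication, while the allowlist check exempts only the two requests for the listed image.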
Affected
NETGEAR WNR1000v3, firmware versions prior to 1.0.2.60