#VU10433 Information disclosure in NETGEAR products 

 


Published: February 9, 2018


Vulnerability identifier: #VU10433
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
D8500
WNDR4500v2
R7000P
R6400v2
R6300v2
DGN2200v4
R6400
R6700
R7000
Software vendor:
NETGEAR

Description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the genie_restoring.cgi script served by the router's built-in web server. An adjacent attacker can abuse the vulnerable script to extract files and passwords from the router's filesystem in flash storage, or to pull files from USB sticks plugged into the router.


Remediation

Update to the latest version.
