Information disclosure in Hardware solutions

#VU73701 Information disclosure in Hardware solutions

Published: 2023-03-15

Vulnerability identifier: #VU73701

Vulnerability risk: Low

CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
D7000
Hardware solutions / Routers & switches, VoIP, GSM, etc
JNR1010v2
Hardware solutions / Routers & switches, VoIP, GSM, etc
JWNR2010v5
Hardware solutions / Routers & switches, VoIP, GSM, etc
PR2000 fixed
Hardware solutions / Routers & switches, VoIP, GSM, etc
R6020
Hardware solutions / Routers & switches, VoIP, GSM, etc
R6050
Hardware solutions / Routers & switches, VoIP, GSM, etc
JR6150
Hardware solutions / Routers & switches, VoIP, GSM, etc
R6120
Hardware solutions / Routers & switches, VoIP, GSM, etc
R6220
Hardware solutions / Routers & switches, VoIP, GSM, etc
R6230
Hardware solutions / Routers & switches, VoIP, GSM, etc
R6700v3
Hardware solutions / Routers & switches, VoIP, GSM, etc
WN3000RP
Hardware solutions / Routers & switches, VoIP, GSM, etc
WN3000RPv2
Hardware solutions / Routers & switches, VoIP, GSM, etc
WN3000RPv3
Hardware solutions / Routers & switches, VoIP, GSM, etc
WN3100RPv2
Hardware solutions / Routers & switches, VoIP, GSM, etc
WNR1000v4
Hardware solutions / Routers & switches, VoIP, GSM, etc
WNR2020
Hardware solutions / Routers & switches, VoIP, GSM, etc
WNR2050
Hardware solutions / Routers & switches, VoIP, GSM, etc
D7800
Hardware solutions / Routers for home users
R6400v2
Hardware solutions / Routers for home users
R7000
Hardware solutions / Routers for home users
R7000P
Hardware solutions / Routers for home users
R7100LG
Hardware solutions / Routers for home users
R7500v2
Hardware solutions / Routers for home users
R7800
Hardware solutions / Routers for home users
WNR2000v5
Hardware solutions / Routers for home users

Vendor:

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to a security misconfiguration issue. A local attacker can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://kb.netgear.com/000065561/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2017-2454

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Information disclosure in NETGEAR Routers