CVE-2014-2969 - NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpasswo

CVE-2014-2969

Summary

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.

References

http://www.kb.cert.org/vuls/id/143740

Vulnerable Configurations

cpe:2.3:o:netgear:gs108pe_firmware:1.2.0.5:*:*:*:*:*:*:*
cpe:2.3:o:netgear:gs108pe_firmware:1.2.0.5:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gs108pe:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gs108pe:-:*:*:*:*:*:*:*

CVSS

Base:	8.3 (as of 07-07-2014 - 19:14)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:A/AC:L/Au:N/C:C/I:C/A:C

refmap via4

cert-vn

VU#143740

Last major update

07-07-2014 - 19:14

Published

07-07-2014 - 11:01

Last modified

07-07-2014 - 19:14