Vulnerabilities related to NETGEAR - AC1200
var-202211-1008
Vulnerability from variot
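The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router's syslog.log file, which contains the MD5-hashed password of the Administrator's user account. Tenda AC1200 is a wireless router made by China Tenda Company. Note: the description and title name only the Tenda device; the record's affected-products list also carries a lower-trust netgear/ac1200 entry, which is presumably why it is grouped under NETGEAR AC1200.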
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1008", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "w15e", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.11.0.10\\(1576\\)" }, { "model": "ac1200", "scope": "eq", "trust": 0.6, "vendor": "netgear", "version": "v215.11.0.10(1576)" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-80693" }, { "db": "NVD", "id": "CVE-2022-40843" } ] }, "cve": "CVE-2022-40843", "cvss": 
{ "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 6.1, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.4, "id": "CNVD-2022-80693", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:M/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "id": "CVE-2022-40843", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-40843", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2022-80693", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202211-2786", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-80693" }, { "db": "CNNVD", "id": "CNNVD-202211-2786" }, { "db": "NVD", "id": "CVE-2022-40843" } ] }, "description": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator\u0027s user account. Tenda AC1200 is a wireless router made by China Tenda Company", "sources": [ { "db": "NVD", "id": "CVE-2022-40843" }, { "db": "CNVD", "id": "CNVD-2022-80693" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-40843", "trust": 2.2 }, { "db": "CNVD", "id": "CNVD-2022-80693", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202211-2786", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-80693" }, { "db": "CNNVD", "id": "CNNVD-202211-2786" }, { "db": "NVD", "id": "CVE-2022-40843" } ] }, "id": "VAR-202211-1008", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-80693" } ], "trust": 1.209073375 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-80693" } ] }, "last_update_date": "2024-08-14T14:30:51.864000Z", "problemtype_data": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-40843" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://boschko.ca/tenda_ac1200_router/" }, { "trust": 0.6, "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2022-40843" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40843" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-40843/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-80693" }, { "db": "CNNVD", "id": "CNNVD-202211-2786" }, { "db": "NVD", "id": "CVE-2022-40843" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-80693" }, { "db": "CNNVD", "id": "CNNVD-202211-2786" }, { "db": "NVD", "id": "CVE-2022-40843" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-11-24T00:00:00", "db": "CNVD", "id": "CNVD-2022-80693" }, { "date": "2022-11-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2786" }, { "date": "2022-11-15T02:15:09.093000", "db": "NVD", "id": "CVE-2022-40843" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-11-24T00:00:00", "db": "CNVD", "id": "CNVD-2022-80693" }, { "date": "2022-11-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2786" }, { "date": "2023-08-08T14:22:24.967000", "db": "NVD", 
"id": "CVE-2022-40843" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2786" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC1200 authorization error vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2022-80693" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2786" } ], "trust": 0.6 } }
var-201912-2033
Vulnerability from variot
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR AC1200 Smart WiFi Router. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of admin credentials provided to the mini_httpd endpoint. The issue results from displaying sensitive information in plaintext. An attacker can leverage this vulnerability to disclose sensitive information in the context of the administrator.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "ac1200", "scope": null, "trust": 0.7, "vendor": "netgear", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-1014" } ] }, "credits": { "_id": null, "data": "Michael Flanders of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-1014" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.1, "id": "ZDI-19-1014", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-19-1014", "trust": 0.7, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-1014" } ] }, "description": { "_id": null, "data": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR AC1200 Smart WiFi Router. User interaction is required to exploit this vulnerability.The specific flaw exists within the handling of admin credentials provided to the mini_httpd endpoint. The issue results from displaying sensitive information in plaintext. 
An attacker can leverage this vulnerability to disclose sensitive information in the context of the administrator.", "sources": [ { "db": "ZDI", "id": "ZDI-19-1014" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-8671", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-1014", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-1014" } ] }, "id": "VAR-201912-2033", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.36666667 }, "last_update_date": "2022-05-17T02:02:22.506000Z", "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-19-1014", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-12-12T00:00:00", "db": "ZDI", "id": "ZDI-19-1014", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-12-12T00:00:00", "db": "ZDI", "id": "ZDI-19-1014", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) NETGEAR AC1200 mini_httpd Cleartext Transmission of Sensitive Information Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-19-1014" } ], "trust": 0.7 } }
var-202211-1043
Vulnerability from variot
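Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. Tenda AC1200 is a wireless router made by China Tenda Company. Note: the record below scores this CVE (CVE-2022-42058) at CVSS 3.1 9.8 with high confidentiality and integrity impact, beyond the DoS described here, and its title field names setWanPpoe because it is taken from CNVD-2023-15704, which is also attached to VAR-202211-1255.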
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1043", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac1200", "scope": "eq", "trust": 1.2, "vendor": "tenda", "version": "v15.11.0.10(1576)" }, { "model": "w15e", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.11.0.10\\(1576\\)" }, { "model": "ac1200", "scope": "eq", "trust": 0.6, "vendor": "netgear", "version": "v215.11.0.10(1576)" } ], "sources": [ { "db": "CNVD", 
"id": "CNVD-2023-15704" }, { "db": "CNVD", "id": "CNVD-2023-15703" }, { "db": "NVD", "id": "CVE-2022-42058" } ] }, "cve": "CVE-2022-42058", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2023-15704", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2023-15703", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-42058", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": 
"NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-42058", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2023-15704", "trust": 0.6, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2023-15703", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202211-2771", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-15704" }, { "db": "CNVD", "id": "CNVD-2023-15703" }, { "db": "CNNVD", "id": "CNNVD-202211-2771" }, { "db": "NVD", "id": "CVE-2022-42058" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. 
Tenda AC1200 is a wireless router made by China Tenda Company", "sources": [ { "db": "NVD", "id": "CVE-2022-42058" }, { "db": "CNVD", "id": "CNVD-2023-15704" }, { "db": "CNVD", "id": "CNVD-2023-15703" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-42058", "trust": 2.8 }, { "db": "CNVD", "id": "CNVD-2023-15704", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2023-15703", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202211-2771", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-15704" }, { "db": "CNVD", "id": "CNVD-2023-15703" }, { "db": "CNNVD", "id": "CNNVD-202211-2771" }, { "db": "NVD", "id": "CVE-2022-42058" } ] }, "id": "VAR-202211-1043", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-15704" }, { "db": "CNVD", "id": "CNVD-2023-15703" } ], "trust": 1.8090733749999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-15704" }, { "db": "CNVD", "id": "CNVD-2023-15703" } ] }, "last_update_date": "2024-08-14T15:37:18.804000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": 
"CVE-2022-42058" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42058" }, { "trust": 1.6, "url": "https://boschko.ca/tenda_ac1200_router/" }, { "trust": 1.0, "url": "https://boschko.ca/tenda_ac1200_router" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-42058/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-15704" }, { "db": "CNVD", "id": "CNVD-2023-15703" }, { "db": "CNNVD", "id": "CNNVD-202211-2771" }, { "db": "NVD", "id": "CVE-2022-42058" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-15704" }, { "db": "CNVD", "id": "CNVD-2023-15703" }, { "db": "CNNVD", "id": "CNNVD-202211-2771" }, { "db": "NVD", "id": "CVE-2022-42058" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-03-09T00:00:00", "db": "CNVD", "id": "CNVD-2023-15704" }, { "date": "2023-03-08T00:00:00", "db": "CNVD", "id": "CNVD-2023-15703" }, { "date": "2022-11-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2771" }, { "date": "2022-11-15T03:15:15.307000", "db": "NVD", "id": "CVE-2022-42058" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-03-09T00:00:00", "db": "CNVD", "id": "CNVD-2023-15704" }, { "date": "2023-03-09T00:00:00", "db": "CNVD", "id": "CNVD-2023-15703" }, { "date": "2022-12-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2771" }, { "date": "2023-01-23T19:41:15.663000", "db": "NVD", "id": "CVE-2022-42058" } ] }, "threat_type": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2771" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC1200 setWanPpoe function stack overflow vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2023-15704" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2771" } ], "trust": 0.6 } }
var-202211-1255
Vulnerability from variot
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. Tenda AC1200 is a wireless router made by China Tenda Company.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1255", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "w15e", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.11.0.10\\(1576\\)" }, { "model": "ac1200", "scope": "eq", "trust": 0.6, "vendor": "netgear", "version": "v215.11.0.10(1576)" }, { "model": "ac1200", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.11.0.10(1576)" } ], "sources": [ { "db": "CNVD", 
"id": "CNVD-2023-15704" }, { "db": "NVD", "id": "CVE-2022-42060" } ] }, "cve": "CVE-2022-42060", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2023-15704", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-42060", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-42060", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2023-15704", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202211-2770", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-15704" }, { "db": "CNNVD", "id": 
"CNNVD-202211-2770" }, { "db": "NVD", "id": "CVE-2022-42060" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. Tenda AC1200 is a wireless router made by China Tenda Company", "sources": [ { "db": "NVD", "id": "CVE-2022-42060" }, { "db": "CNVD", "id": "CNVD-2023-15704" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-42060", "trust": 2.2 }, { "db": "CNVD", "id": "CNVD-2023-15704", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202211-2770", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-15704" }, { "db": "CNNVD", "id": "CNNVD-202211-2770" }, { "db": "NVD", "id": "CVE-2022-42060" } ] }, "id": "VAR-202211-1255", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-15704" } ], "trust": 1.209073375 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-15704" } ] }, "last_update_date": "2024-08-14T15:37:18.783000Z", "problemtype_data": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-42060" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://boschko.ca/tenda_ac1200_router/" }, { "trust": 1.0, "url": "https://boschko.ca/tenda_ac1200_router" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42058" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-42060/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42060" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-15704" }, { "db": "CNNVD", "id": "CNNVD-202211-2770" }, { "db": "NVD", "id": "CVE-2022-42060" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-15704" }, { "db": "CNNVD", "id": "CNNVD-202211-2770" }, { "db": "NVD", "id": "CVE-2022-42060" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-03-09T00:00:00", "db": "CNVD", "id": "CNVD-2023-15704" }, { "date": "2022-11-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2770" }, { "date": "2022-11-15T03:15:15.430000", "db": "NVD", "id": "CVE-2022-42060" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-03-09T00:00:00", "db": "CNVD", "id": "CNVD-2023-15704" }, { "date": "2022-12-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-2770" }, { "date": 
"2023-01-23T19:41:24.867000", "db": "NVD", "id": "CVE-2022-42060" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2770" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC1200 setWanPpoe function stack overflow vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2023-15704" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-2770" } ], "trust": 0.6 } }
var-201912-2027
Vulnerability from variot
This vulnerability allows network-adjacent attackers to disclose sensitive information on vulnerable installations of NETGEAR AC1200 Smart WiFi Router. Authentication is required to exploit this vulnerability. The specific flaw exists within the storage of administrator credentials. The credentials are stored in a recoverable format, making them subject to password reuse attacks. An attacker can leverage this vulnerability to disclose sensitive information in the context of the administrator.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-2027", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac1200", "scope": null, "trust": 0.7, "vendor": "netgear", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-1011" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Michael Flanders of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-1011" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "id": "ZDI-19-1011", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-19-1011", "trust": 0.7, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-1011" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows network-adjacent attackers to disclose sensitive information on vulnerable installations of NETGEAR AC1200 Smart WiFi Router. Authentication is required to exploit this vulnerability.The specific flaw exists within the storage of administrator credentials. 
The credentials are stored in a recoverable format making them subject to password reuse attacks. An attacker can leverage this vulnerability to disclose sensitive information in the context of the administrator.", "sources": [ { "db": "ZDI", "id": "ZDI-19-1011" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-8615", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-1011", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-1011" } ] }, "id": "VAR-201912-2027", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.36666667 }, "last_update_date": "2022-05-17T01:36:02.747000Z", "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-19-1011" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-12T00:00:00", "db": "ZDI", "id": "ZDI-19-1011" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-12T00:00:00", "db": "ZDI", "id": "ZDI-19-1011" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) NETGEAR AC1200 mini_httpd Password Storage Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-19-1011" } ], "trust": 
0.7 } }
var-202002-0303
Vulnerability from variot
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616. The NETGEAR AC1200 R6220 firmware contains an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR AC1200 is a wireless router from NETGEAR.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "ac1200 r6220", "scope": "eq", "trust": 1.8, "vendor": "netgear", "version": "1.1.0.86" }, { "_id": null, "model": "ac1200", "scope": null, "trust": 1.3, "vendor": "netgear", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-866" }, { "db": "CNVD", "id": "CNVD-2019-35796" }, { "db": "JVNDB", "id": "JVNDB-2019-014553" }, { "db": "NVD", "id": "CVE-2019-17137" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:netgear:ac1200_r6220_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014553" } ] }, "credits": { "_id": null, "data": "Michael Flanders of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-866" }, { "db": "CNNVD", "id": "CNNVD-201910-700" } ], "trust": 1.3 }, "cve": "CVE-2019-17137", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-17137", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2019-014553", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": 
"NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 9.7, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2019-35796", "impactScore": 9.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-17137", "impactScore": 5.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "zdi-disclosures@trendmicro.com", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-17137", "impactScore": 5.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.4, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2019-014553", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": 
"CVE-2019-17137", "impactScore": 5.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-17137", "trust": 1.0, "value": "CRITICAL" }, { "author": "zdi-disclosures@trendmicro.com", "id": "CVE-2019-17137", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2019-014553", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2019-17137", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2019-35796", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201910-700", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-866" }, { "db": "CNVD", "id": "CNVD-2019-35796" }, { "db": "JVNDB", "id": "JVNDB-2019-014553" }, { "db": "CNNVD", "id": "CNNVD-201910-700" }, { "db": "NVD", "id": "CVE-2019-17137" }, { "db": "NVD", "id": "CVE-2019-17137" } ] }, "description": { "_id": null, "data": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616. NETGEAR AC1200 R6220 There is an authentication vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. 
NETGEAR AC1200 is a wireless router from NETGEAR", "sources": [ { "db": "NVD", "id": "CVE-2019-17137" }, { "db": "JVNDB", "id": "JVNDB-2019-014553" }, { "db": "ZDI", "id": "ZDI-19-866" }, { "db": "CNVD", "id": "CNVD-2019-35796" } ], "trust": 2.79 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2019-17137", "trust": 3.7 }, { "db": "ZDI", "id": "ZDI-19-866", "trust": 3.7 }, { "db": "JVNDB", "id": "JVNDB-2019-014553", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8616", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2019-35796", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201910-700", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-866" }, { "db": "CNVD", "id": "CNVD-2019-35796" }, { "db": "JVNDB", "id": "JVNDB-2019-014553" }, { "db": "CNNVD", "id": "CNNVD-201910-700" }, { "db": "NVD", "id": "CVE-2019-17137" } ] }, "id": "VAR-202002-0303", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-35796" } ], "trust": 1.15148005 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-35796" } ] }, "last_update_date": "2024-11-23T22:44:44.339000Z", "patch": { "_id": null, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.netgear.com/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014553" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-626", "trust": 1.0 }, { "problemtype": "CWE-287", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014553" }, { "db": "NVD", "id": "CVE-2019-17137" } ] }, "references": { "_id": null, "data": [ { "trust": 3.0, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-866/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17137" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17137" } ], "sources": [ { 
"db": "CNVD", "id": "CNVD-2019-35796" }, { "db": "JVNDB", "id": "JVNDB-2019-014553" }, { "db": "CNNVD", "id": "CNNVD-201910-700" }, { "db": "NVD", "id": "CVE-2019-17137" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-19-866", "ident": null }, { "db": "CNVD", "id": "CNVD-2019-35796", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2019-014553", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201910-700", "ident": null }, { "db": "NVD", "id": "CVE-2019-17137", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-10-10T00:00:00", "db": "ZDI", "id": "ZDI-19-866", "ident": null }, { "date": "2019-10-18T00:00:00", "db": "CNVD", "id": "CNVD-2019-35796", "ident": null }, { "date": "2020-02-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014553", "ident": null }, { "date": "2019-10-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201910-700", "ident": null }, { "date": "2020-02-10T21:51:10.563000", "db": "NVD", "id": "CVE-2019-17137", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-01-06T00:00:00", "db": "ZDI", "id": "ZDI-19-866", "ident": null }, { "date": "2019-10-18T00:00:00", "db": "CNVD", "id": "CNVD-2019-35796", "ident": null }, { "date": "2020-02-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014553", "ident": null }, { "date": "2020-10-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201910-700", "ident": null }, { "date": "2024-11-21T04:31:46.110000", "db": "NVD", "id": "CVE-2019-17137", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201910-700" } ], "trust": 0.6 }, "title": { "_id": null, "data": "NETGEAR AC1200 mini_httpd Poison Null Byte Authentication Bypass Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-19-866" }, { "db": "CNVD", "id": "CNVD-2019-35796" } ], "trust": 1.3 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201910-700" } ], "trust": 0.6 } }
CVE-2019-17137 (GCVE-0-2019-17137)
Vulnerability from cvelistv5
- CWE-626 - Null Byte Interaction Error (Poison Null Byte)
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-19-866/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:33:17.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-866/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AC1200", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "R6220 Firmware version 1.1.0.86" } ] } ], "credits": [ { "lang": "en", "value": "Michael Flanders of Trend Micro Zero Day Initiative" } ], "descriptions": [ { "lang": "en", "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-626", "description": "CWE-626: Null Byte Interaction Error (Poison Null Byte)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-10T19:15:37", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-866/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "zdi-disclosures@trendmicro.com", "ID": "CVE-2019-17137", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AC1200", "version": { "version_data": [ { "version_value": "R6220 Firmware version 1.1.0.86" } ] } } ] }, "vendor_name": "NETGEAR" } ] } }, "credit": "Michael Flanders of Trend Micro Zero Day Initiative", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616." 
} ] }, "impact": { "cvss": { "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-626: Null Byte Interaction Error (Poison Null Byte)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-866/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-866/" } ] } } } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2019-17137", "datePublished": "2020-02-10T19:15:38", "dateReserved": "2019-10-04T00:00:00", "dateUpdated": "2024-08-05T01:33:17.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }