CVE-2013-3072 Information

Description

An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://router_ip/apply.cgi?/hdd_usr_setup.htm that when visited by any user authenticated or not causes the router to no longer require a password to access the web administration portal.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52 https://www.ise.io/casestudies/exploiting-soho-routers/ https://www.ise.io/research/studies-and-papers/netgear_wndr4700/ https://www.ise.io/soho_service_hacks/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8