Information Disclosure in Netgear WNDR4700 Management Interface
CVE-2013-3070

7.5HIGH

Key Information:

Vendor
Netgear
Status
Wndr4700 Firmware
Vendor
CVE Published:
14 November 2019

Summary

The Netgear WNDR4700 firmware version 1.0.0.34 has a vulnerability in its management web interface that permits unauthorized disclosure of the Pre-Shared Key (PSK) of the wireless LAN. This could potentially allow attackers to gain access to secured networks, exposing sensitive data and compromising network integrity. Administrators should ensure they are running the latest firmware updates to mitigate this issue.

References

https://www.ise.io/casestudies/exploiting-soho-routers/
x_refsource_MISC
https://www.ise.io/soho_service_hacks/
x_refsource_MISC
https://www.ise.io/wp-content/uploads/2017/07/soho_techre...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.