Authentication Bypass in NETGEAR Centria Router Firmware
CVE-2013-3072
9.8 CRITICAL
Summary
An authentication bypass in NETGEAR's Centria WNDR4700 router allows access to the web administration portal without user authentication. The bypass is triggered when the URL http://<router_ip>/apply.cgi?/hdd_usr_setup.htm is accessed, which renders the router's access control ineffective. Any user, authenticated or not, can exploit this flaw, potentially leading to unauthorized changes to settings or other malicious activity.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved