CVE-2016-5649
N/A
N/A
Summary
A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Netgear | DGN2200 | DGN2200-V1.0.0.50_7.0.50 | affected |
| Netgear | DGND3700 | DGND3700-V1.0.0.17_1.0.17 | affected |
Weaknesses
- CWE-319: CWE-319
ADP Enrichment
CVE Program Container
Additional References
- https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html
- http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html
References
- https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html
- http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.