CVE-2014-2969

Published Jul 7, 2014

Last updated 10 years ago

Overview

Description: NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.
Source: cret@cert.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 8.3
Impact score: 10
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-255

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs108pe_firmware:1.2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DFD4269-4863-4611-85A5-E0221AD2C423"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs108pe:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0244D5C-C430-4649-8990-6817901F0033"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References