{"containers": {"cna": {"affected": [{"product": "Multiple Routers", "vendor": "NETGEAR", "versions": [{"status": "affected", "version": "1.0.66"}]}], "credits": [{"lang": "en", "value": "Anonymous"}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-13T17:10:43", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1176/"}, {"tags": ["x_refsource_MISC"], "url": "https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "zdi-disclosures@trendmicro.com", "ID": "CVE-2020-17409", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Multiple Routers", "version": {"version_data": [{"version_value": "1.0.66"}]}}]}, "vendor_name": "NETGEAR"}]}}, "credit": "Anonymous", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754."}]}, "impact": {"cvss": {"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"}]}]}, "references": {"reference_data": [{"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1176/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1176/"}, {"name": "https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258", "refsource": "MISC", "url": "https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258"}]}}}}, "cveMetadata": {"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2020-17409", "datePublished": "2020-10-13T17:10:43", "dateReserved": "2020-08-07T00:00:00", "dateUpdated": "2020-10-13T17:10:43", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1194304-4B9E-418B-90B5-D8125AB07049", "versionEndExcluding": "1.0.0.44", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "731CB26A-38C7-4CE0-9F48-0CBC4FE59800", "versionEndExcluding": "1.0.0.44", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F898DC9-9250-47DF-844C-F7308365135B", "versionEndExcluding": "1.0.0.70", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*", "matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "79B24229-6AC2-489D-B542-4DAA7E630180", "versionEndExcluding": "1.1.0.100", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*", "matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B5B842D-2275-4968-997B-A70A67CBDBEC", "versionEndExcluding": "1.1.0.100", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*", "matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "23D4F7E6-C042-434E-87B8-55DB18B08B0A", "versionEndExcluding": "1.1.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6524B85E-23AC-4983-8331-96E12899B773", "versionEndExcluding": "1.1.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*", "matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F105F6F-ECD3-411D-924E-94BCF036C1EA", "versionEndExcluding": "1.1.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3408536D-FC77-48C5-AD15-C5A170D7417C", "versionEndExcluding": "1.1.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*", "matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:jnr3210_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "79F5CFE2-19F3-4A52-93D9-FFC092C774B2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:jnr3210:-:*:*:*:*:*:*:*", "matchCriteriaId": "64C02F2D-ED67-411A-AB68-F0AD0DB6C0D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnr2020_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9E56E01-D7C9-4E5A-B6AC-45293C063ABC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2189628-03E7-445A-9EF2-656A85539115", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754."}, {"lang": "es", "value": "Esta vulnerabilidad permite a atacantes adyacentes a la red divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas de los enrutadores NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210 y WNR2020 con versiones de firmware 1.0.66. No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad. El fallo espec\u00edfico se presenta dentro del servicio mini_httpd, que escucha en el puerto TCP 80 por defecto. El problema resulta de una l\u00f3gica de coincidencia de cadenas incorrecta cuando se accede a p\u00e1ginas protegidas. Un atacante puede aprovechar esta vulnerabilidad para revelar las credenciales almacenadas, conllevando a un mayor compromiso. Fue ZDI-CAN-10754"}], "id": "CVE-2020-17409", "lastModified": "2020-12-03T15:46:34.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-13T17:15:13.777", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1176/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{}