Submission #276026: Netgear R7000 — Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.136_10.2.120 Incorrect Access Control

Title: Netgear R7000 — Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.136_10.2.120 Incorrect Access Control
Description:

# Info Leak in Netgear-R7000 Router

## Overview

* Type: Information leak
* Supplier: Netgear (https://www.netgear.com/)
* Product: R7000 — Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router
* Affected version: (latest) V1.0.11.136_10.2.120
* Firmware download: https://www.downloads.netgear.com/files/GDC/R7000/R7000-V1.0.11.136_10.2.120.zip?_ga=2.104770566.764029436.1681304815-1560383626.1681304810

## Description

An information leak vulnerability exists in the web management interface of the affected routers. Without any permission, an attacker can get sensitive information from the victim URL. The victim URL is a hidden interface and isn't protected by authentication.

## Business Impact

The leaked information is sensitive and could result in serious damage. Thus the vulnerability is very dangerous, and it could also result in reputational damage for the business through the impact on customers' trust.

## Steps to Reproduce

Visit the victim URL from the web; sensitive information about WAN information and product model is exposed.
Source: https://github.com/leetsun/Hints/tree/main/R7000/2
User: leetsun (UID 39457)
Submission: 01/02/2024 05:58 AM (2 years ago)
Moderation: 10/02/2024 10:43 AM (9 days later)
Status: Accepted
VulDB entry: 253382 [Netgear R7000 1.0.11.136_10.2.120 Web Management Interface /debuginfo.htm information disclosure]
Points: 20