Vulnerability Description
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Wndr4700 Firmware | 1.0.0.34 |
| Netgear | Wndr4700 | - |
Related Weaknesses (CWE)
References
- https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52Vendor Advisory
- https://www.ise.io/casestudies/exploiting-soho-routers/Third Party Advisory
- https://www.ise.io/research/studies-and-papers/netgear_wndr4700/ExploitThird Party Advisory
- https://www.ise.io/soho_service_hacks/Third Party Advisory
- https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52Vendor Advisory
- https://www.ise.io/casestudies/exploiting-soho-routers/Third Party Advisory
- https://www.ise.io/research/studies-and-papers/netgear_wndr4700/ExploitThird Party Advisory
- https://www.ise.io/soho_service_hacks/Third Party Advisory
FAQ
What is CVE-2013-3072?
CVE-2013-3072 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, caus...
How severe is CVE-2013-3072?
CVE-2013-3072 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2013-3072?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Wndr4700 Firmware, Netgear Wndr4700.