1. Home
  2. CVE Database
  3. CVE-2014-2969
HIGH · 8.3

CVE-2014-2969

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memo...

Vulnerability Description

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.

CVSS Score

8.3

HIGH

AV:A/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
NetgearGs108Pe Firmware1.2.0.5
NetgearGs108Pe-

Related Weaknesses (CWE)

CWE-255

References

FAQ

What is CVE-2014-2969?

CVE-2014-2969 is a vulnerability with a CVSS score of 8.3 (HIGH). NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memo...

How severe is CVE-2014-2969?

CVE-2014-2969 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-2969?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Gs108Pe Firmware, Netgear Gs108Pe.