?>/script>'; } ?> Vulnerabilidad en NETGEAR CG814WG Widgets Magazine

Autor Tema: Vulnerabilidad en NETGEAR CG814WG  (Leído 1925 veces)

0 Usuarios y 1 Visitante están viendo este tema.

Manbostar

  • Visitante
Vulnerabilidad en NETGEAR CG814WG
« en: 22-09-2011, 22:33 (Jueves) »
Buenas

Desde Australia:

http://www.senseofsecurity.com.au/advisories/SOS-11-011

Citar
Release Date.                  20-Sep-2011
Last Update.                   -
Vendor Notification Date.      22-Mar-2011
Product.                       NETGEAR Wireless Cable Modem Gateway
                               CG814WG
Affected versions.             Hardware 1.03,
                               Software V3.9.26 R14 verified,
                               possibly others
Severity Rating.               High
Impact.                        Authentication bypass,
                               Cross Site Request Forgery
Attack Vector.                 Remote without authentication
Solution Status.               Upgrade to R15 (by contacting NETGEAR)
CVE reference.                 Not yet assigned

A otros que tampoco les han hecho caso  ^-^

Citar
NETGEAR was notified of this vulnerability on 22 March 2011, but we
never received a response or acknowledgement of the issue or fix. Sense
of Security notified local ISP's and it was escalated by a local ISP
who worked with NETGEAR to develop and test an update. Sense of Security
was never provided an opportunity to validate the fixes in the latest
firmware version. Given the severity of the issue it would be prudent
for NETGEAR to notify and supply an update to all of its customers.

Saludos



alist3r

  • Visitante
Re: Vulnerabilidad en NETGEAR CG814WG
« Respuesta #1 en: 23-09-2011, 01:11 (Viernes) »
nada menos que un auth bypass en un netgear instalado por un isp...
flipa como está el patioooo