BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Netgear WNDR3700 Bypass

Disclosed October 31, 2013    Zeroday : 359 days

Vulnerability Description:

Affected devices are vulnerable to a security bypass flaw that permits attackers to access any part of the management interface of the device. If remote administration is enabled, this can be exploited from the Internet.

Vendors:

Netgear

Vulnerable Software/Devices:

WNDR4700 router
WNDR3700v4 router
Possibly other routers
1.0.1.42 firmware and prior

Vulnerability Severity:

High

Exploit Availability:

Publicly Available

Exploit Impact:

Security Bypass
This vulnerability allows an attacker to bypass certain security restrictions on the system, allowing the attacker to gain unauthorized access to the system.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

  • 31286 - Netgear WNDR3700 Bypass (20131031) (Zero-Day)
  • 31234 - Multiple Router Vendor ping6 Command Injection (Zero-Day) - Remote

Mitigation:

To help mitigate WAN-based attacks, disable the administration interface for non-local network addresses.

Links:

CVE(s):

None