Vulnerability Note VU#928795

Netgear FVS318N router default remote management vulnerability

Original Release date: 02 Apr 2012 | Last revised: 03 Apr 2013

Overview

Netgear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N router's remote management feature is enabled by default.

Description

Netgear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N router allows remote (WAN) internet users access to the administrator web interface of the device by default.

Impact

A remote unauthenticated attacker may be able to access the administrator web interface of the device.

Solution

We are currently unaware of a practical solution to this problem.

Disable the remote management feature

We recommend users disable the remote management feature inside the administrator web interface of the device.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Netgear, Inc.Unknown16 Jan 201216 Jan 2012
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal 6.1 E:F/RL:W/RC:UC
Environmental 1.6 CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to David Barker of Electrosonics, Inc. for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: Unknown
  • Date Public: 02 Apr 2012
  • Date First Published: 02 Apr 2012
  • Date Last Updated: 03 Apr 2013
  • Document Revision: 15

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.