Software Engineering Institute

Netgear's ProSafe Wireless-N Access Point WNAP210 contains a vulnerability which may allow a remote unauthenticated attacker to recover the device's administrator password. An attacker with network access to the device can navigate to the web page http://NetGearDeviceIP/BackupConfig.php. The attacker will be prompted to download the device's configuration without entering any login credentials. This configuration file will contain the device's administrator password stored in plaintext.

A second vulnerability found in Netgear's ProSafe Wireless-N Access Point WNAP210 allows a remote unauthenticated attacker to bypass the device's login web page allowing the attacker to directly access the device's configuration web page. An attacker with network access to the device can navigate to the web page http://NetGearDeviceIP/recreate.php. The web page will display "recreateok". Next the attacker would navigate to the web page http://NetGearDeviceIP/index.php, permitting them direct access to the device's configuration web page without entering any login credentials.

This vulnerability has been reported in Netgear's ProSafe Wireless-N Access Point WNAP210 firmware version 2.0.12.

A remote unauthenticated attacker may be able to retrieve the device's administrator password, and bypass the device's login web page allowing them to directly access the device's configuration web page.

Update

This vulnerability has been addressed in Netgear's ProSafe Wireless-N Access Point WNAP210 firmware version 2.0.27.

Restrict network access

Restrict network access to the Netgear's ProSafe Wireless-N Access Point WNAP210 system web interface and other devices using open protocols like HTTP.