search menu icon-carat-right cmu-wordmark

CERT Coordination Center


NetGear WNAP210 remote password disclosure and password bypass vulnerability

Vulnerability Note VU#644812

Original Release Date: 2011-04-05 | Last Revised: 2011-09-02

Overview

NetGear WNAP210 is vulnerable to remote administrator password disclosure and administrative web page login bypass.

Description

Netgear's ProSafe Wireless-N Access Point WNAP210 contains a vulnerability which may allow a remote unauthenticated attacker to recover the device's administrator password. An attacker with network access to the device can navigate to the web page http://NetGearDeviceIP/BackupConfig.php. The attacker will be prompted to download the device's configuration without entering any login credentials. This configuration file will contain the device's administrator password stored in plaintext.

A second vulnerability found in Netgear's ProSafe Wireless-N Access Point WNAP210 allows a remote unauthenticated attacker to bypass the device's login web page allowing the attacker to directly access the device's configuration web page. An attacker with network access to the device can navigate to the web page http://NetGearDeviceIP/recreate.php. The web page will display "recreateok". Next the attacker would navigate to the web page http://NetGearDeviceIP/index.php, permitting them direct access to the device's configuration web page without entering any login credentials.

This vulnerability has been reported in Netgear's ProSafe Wireless-N Access Point WNAP210 firmware version 2.0.12.

Impact

A remote unauthenticated attacker may be able to retrieve the device's administrator password, and bypass the device's login web page allowing them to directly access the device's configuration web page.

Solution

Update

This vulnerability has been addressed in Netgear's ProSafe Wireless-N Access Point WNAP210 firmware version 2.0.27.

Restrict network access

Restrict network access to the Netgear's ProSafe Wireless-N Access Point WNAP210 system web interface and other devices using open protocols like HTTP.

Vendor Information

644812
Expand all

Netgear, Inc.

Notified:  January 10, 2011 Updated:  September 02, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://support.netgear.com/app/answers/detail/a_id/19381

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Thanks to Trevor Seward for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: None
Severity Metric: 5.10
Date Public: 2011-04-05
Date First Published: 2011-04-05
Date Last Updated: 2011-09-02 18:39 UTC
Document Revision: 18

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.