CERT/CC Vulnerability Note VU#928795

Overview

Netgear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N router's remote management feature is enabled by default.

Description

Netgear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N router allows remote (WAN) internet users access to the administrator web interface of the device by default.

Impact

A remote unauthenticated attacker may be able to access the administrator web interface of the device.

Solution

We are currently unaware of a practical solution to this problem.

Disable the remote management feature

We recommend users disable the remote management feature inside the administrator web interface of the device.

Vendor Information

928795

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

Netgear, Inc. Unknown

Notified: January 16, 2012 Updated: January 16, 2012

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group	Score	Vector
Base	7.5	AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal	6.1	E:F/RL:W/RC:UC
Environmental	1.6	CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

http://www.netgear.com/business/products/security/wireless-VPN-firewalls/FVS318N.aspx

Acknowledgements

Thanks to David Barker of Electrosonics, Inc. for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs:	None
Date Public:	2012-04-02
Date First Published:	2012-04-02
Date Last Updated:	2013-04-03 19:26 UTC
Document Revision:	16

Software Engineering Institute

CERT Coordination Center

Netgear FVS318N router default remote management vulnerability

Vulnerability Note VU#928795

Overview

Description

Impact

Solution

Vendor Information

Netgear, Inc. Unknown

Status

Vendor Statement

Vendor Information

CVSS Metrics

References

Acknowledgements

Other Information

Contact CERT/CC