Vulnerabilities > CVE-2014-4864 - Credentials Management vulnerability in Netgear Prosafe Firmware

CVSS 3.3 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

low complexity

netgear

CWE-255

NVD

Published: 2014-09-10

Updated: 2014-09-10

Summary

The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file.

Vulnerable Configurations

Part	Description	Count
OS	Netgear Netgear Prosafe Firmware 5.0.4.4 Netgear Prosafe Firmware 5.3.0.17 Netgear Prosafe Firmware 5.4.0.6 Netgear Prosafe Firmware 5.4.1.10 Netgear Prosafe Firmware 5.4.1.13 Netgear Prosafe Firmware 5.4.1.14 Netgear Prosafe Firmware 6.1.0.12	7

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Packetstorm

data source	https://packetstormsecurity.com/files/download/135480/netgearGS105Ev2-xssbypassxsrf.txt
id	PACKETSTORM:135480
last seen	2016-12-05
published	2016-01-28
reporter	Benedikt Westermann
source	https://packetstormsecurity.com/files/135480/Netgear-GS105Ev2-Authentication-Bypass-XSS-CSRF.html
title	Netgear GS105Ev2 Authentication Bypass / XSS / CSRF

References

http://www.kb.cert.org/vuls/id/396212