cbcvebase.
CVE-2013-4775
published 2013-12-19

CVE-2013-4775: NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS…

PriorityP260high7.8CVSS 2.0
AVNACLAuNCCINAN
EXPLOIT
EPSS
14.96%
96.3th percentile
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.

Affected

11 ranges
VendorProductVersion rangeFixed in
netgearprosafe_firmware<= 5.4.1.13
netgearprosafe_firmware<= 5.4.1.14
netgearprosafe_firmware
netgearprosafe_firmware
netgearprosafe_firmware
netgearprosafe_firmware
netgearprosafe_firmware
netgearprosafe_firmware
netgearprosafe_gs724t
netgearprosafe_gs748t
netgearprosafe_s716t

Detection & IOCsextracted from sources · hover to see the quote

path/filesystem/startup-config
urlhttp://<target>:<port>/filesystem/startup-config
  • Alert on any unauthenticated HTTP GET request to the path /filesystem/startup-config on NETGEAR ProSafe device management interfaces, as this is the direct path exploited to retrieve encrypted credentials and startup configuration.
  • Monitor for HTTP requests to /filesystem/startup-config accompanied by the User-Agent string 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)', which is used by the public PoC exploit.
  • ·The vulnerability affects multiple NETGEAR ProSafe firmware versions across several device models; ensure detection coverage applies to all affected firmware branches (5.4.1.13 and earlier, 5.4.1.14, 5.4.0.6, 5.3.0.17, and 6.1.0.12).
  • ·The retrieved startup-config contains encrypted administrator credentials, meaning credential exposure is present even if the attacker cannot immediately decrypt them; treat any successful retrieval of this file as a critical incident.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.