CVE-2014-2969Netgear Gs108pe Firmware vulnerability

CWE-2553 documents3 sources
Severity
8.3HIGHNVD
EPSS
0.3%
top 48.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netgear Gs108pe Firmware
Timeline
PublishedJul 7
Latest updateMay 17

Description

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.

CVSS vector

AV:A/AC:L/C:C/I:C/A:CExploitability: 6.5 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-h3hf-hqw2-hx35: NETGEAR GS108PE Prosafe Plus switches with firmware 12022-05-17
CVEList
CVE-2014-2969: NETGEAR GS108PE Prosafe Plus switches with firmware 12014-07-07
CVE-2014-2969 — Netgear Gs108pe Firmware vulnerability | cvebase