CVE-2016-5638Cleartext Transmission of Sensitive Info in Netgear Wndr4500

CWE-319Cleartext Transmission of Sensitive InfoCWE-200Sensitive Information Exposure5 documents5 sources
Severity
7.5HIGHNVD
EPSS
1.2%
top 21.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Netgear Wndr4500Netgear Wndr4500 Firmware
Timeline
PublishedJul 24
Latest updateMay 13

Description

There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Nam

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDnetgear/wndr4500_firmware1.0.1.40_1.0.6877
CVEListV5netgear/wndr4500V1.0.1.40_1.0.6877

🔴Vulnerability Details

2
GHSA
GHSA-r939-7mv3-6352: There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V12022-05-13
CVEList
Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877 reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text2018-07-24
CVE-2016-5638 — Netgear Wndr4500 vulnerability | cvebase