9 vulnerabilities found for dg632 by netgear
VAR-200906-0228
Vulnerability from variot - Updated: 2025-04-10 22:56
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. The NetGear DG632 router is prone to multiple remote vulnerabilities. An attacker with access to the web interface of the router can exploit these issues to enumerate files and directories in the router's 'www' directory, cause denial-of-service conditions, and bypass authentication to administrative scripts.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200906-0228",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dg632",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "3.4.0_ap"
},
{
"model": "dg632",
"scope": "eq",
"trust": 0.8,
"vendor": "net gear",
"version": "3.4.0_ap"
},
{
"model": "dg632 3.4.0 ap",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "dg632",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
},
{
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:netgear:dg632",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tom Neaves",
"sources": [
{
"db": "BID",
"id": "35376"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
}
],
"trust": 0.9
},
"cve": "CVE-2009-2256",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-2256",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-39702",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-2256",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-2256",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200906-453",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-39702",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39702"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
},
{
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. NetGear DG632 router is prone to multiple remote vulnerabilities. \nAn attacker with access to the web interface of the router can exploit these issues to enumerate files and directories in the router\u0027s \u0027www\u0027 directory, cause denial-of-service conditions, and bypass authentication to administrative scripts",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2256"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "VULHUB",
"id": "VHN-39702"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-39702",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39702"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2256",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "8964",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1022403",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20090616 RE[2]: [FULL-DISCLOSURE] NETGEAR DG632 ROUTER REMOTE DOS VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20090615 RE: NETGEAR DG632 ROUTER REMOTE DOS VULNERABILITY",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "8964",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200906-453",
"trust": 0.6
},
{
"db": "BID",
"id": "35376",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-39702",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39702"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
},
{
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"id": "VAR-200906-0228",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-39702"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T22:56:34.164000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.netgear.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39702"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.tomneaves.co.uk/netgear_dg632_remote_dos.txt"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1022403"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/504341/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/504345/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/8964"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2256"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2256"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/504345/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/504341/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/8964"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/"
},
{
"trust": 0.3,
"url": "http://www.tomneaves.co.uk/netgear_dg632_authentication_bypass.txt"
},
{
"trust": 0.3,
"url": "/archive/1/504312"
},
{
"trust": 0.3,
"url": "/archive/1/504313"
},
{
"trust": 0.3,
"url": "/archive/1/504341"
},
{
"trust": 0.3,
"url": "/archive/1/504345"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39702"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
},
{
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-39702"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
},
{
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-39702"
},
{
"date": "2009-06-15T00:00:00",
"db": "BID",
"id": "35376"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"date": "2009-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200906-453"
},
{
"date": "2009-06-30T10:30:21.717000",
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-39702"
},
{
"date": "2009-07-09T20:36:00",
"db": "BID",
"id": "35376"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"date": "2009-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200906-453"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear DG632 Management running on top Web Service disruption at the interface (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
}
],
"trust": 0.6
}
}
VAR-200906-0230
Vulnerability from variot - Updated: 2025-04-10 22:56
Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter. The NetGear DG632 router is prone to multiple remote vulnerabilities. The Netgear DG632 router runs a web interface on port 80, allowing administrators to log in and manage the device's settings. Authentication to this web interface is handled by a script named webcm in /cgi-bin/, which redirects to relevant pages based on the user's authentication status. The webcm script handles user authentication and tries to load indextop.htm via the following JavaScript. The indextop.htm page requires HTTP Basic Authentication. --- function loadnext() { //document.forms[0].target.value="top"; document.forms[0].submit() ; //top.location.href="../cgi-bin/webcm?nextpage=../html/indextop.htm"; } Loading file ... --- If a valid username for the default admin user is provided, the script will continue to load the indextop.htm page and load other frames based on hidden fields; if the user authentication fails, it will return to "../cgi-bin/webcm". Normal use: http://TARGET_IP/cgi-bin/webcm?nextpage=../html/stattbl.htm This will ask the user to authenticate and deny access to this file if the authentication details are unknown. The same stattbl.htm file can be accessed without providing any credentials using the following URL: http://TARGET_IP/html/stattbl.htm
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200906-0230",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dg632",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "3.4.0_ap"
},
{
"model": "dg632",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "dg632",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "dg632",
"scope": "eq",
"trust": 0.8,
"vendor": "net gear",
"version": "3.4.0_ap"
},
{
"model": "dg632 3.4.0 ap",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "dg632",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004773"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-442"
},
{
"db": "NVD",
"id": "CVE-2009-2258"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:netgear:dg632",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:dg632_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004773"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tom Neaves",
"sources": [
{
"db": "BID",
"id": "35376"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-442"
}
],
"trust": 0.9
},
"cve": "CVE-2009-2258",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-2258",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-39704",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-2258",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-2258",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200906-442",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-39704",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39704"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004773"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-442"
},
{
"db": "NVD",
"id": "CVE-2009-2258"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter. NetGear DG632 router is prone to multiple remote vulnerabilities. The Netgear DG632 router runs a web interface on port 80, allowing administrators to log in and manage the device\u0027s settings. Authentication to this web interface is handled by a script named webcm in /cgi-bin/, which redirects to relevant pages based on the user\u0027s authentication status. The webcm script handles user authentication and tries to load indextop.htm via the following javascript. The indextop.htm page requires HTTP Basic Authentication. --- \u003cscript language=\"javascript\" type=\"text/javascript\"\u003e function loadnext() { //document.forms[0].target.value=\"top\"; document.forms[0].submit() ; //top.location.href=\"../cgi-bin/webcm?nextpage=../html/indextop.htm\"; }\u003c/script\u003e\u003c/head\u003e \u003cbody bgcolor=\"#ffffff\" onload= \"loadnext()\" \u003e Loading file ... \u003cform method=\"POST\" action=\"../cgi-bin/webcm\" id=\"uiPostForm\"\u003e \u003cinput type=\"hidden\" name=\"nextpage\" value= \"../html/indextop.htm\" id=\"uiGetNext\"\u003e \u003c/form\u003e --- If a valid username for the default admin user is provided, the script will continue to load the indextop.htm page and load other frames based on hidden fields; if the user authentication fails, it will return to \"../cgi-bin/webcm\" . Normal use: http://TARGET_IP/cgi-bin/webcm?nextpage=../html/stattbl.htm This will ask the user to authenticate and deny access to this file if the authentication details are unknown. The same stattbl.htm file can be accessed without providing any credentials using the following URL: http://TARGET_IP/html/stattbl.htm",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2258"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004773"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "VULHUB",
"id": "VHN-39704"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-39704",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39704"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2258",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "8963",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1022404",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004773",
"trust": 0.8
},
{
"db": "MILW0RM",
"id": "8963",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20090615 NETGEAR DG632 ROUTER AUTHENTICATION BYPASS VULNERABILITY",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200906-442",
"trust": 0.6
},
{
"db": "BID",
"id": "35376",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-39704",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39704"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004773"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-442"
},
{
"db": "NVD",
"id": "CVE-2009-2258"
}
]
},
"id": "VAR-200906-0230",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-39704"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T22:56:34.133000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.netgear.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004773"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39704"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004773"
},
{
"db": "NVD",
"id": "CVE-2009-2258"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.tomneaves.co.uk/netgear_dg632_authentication_bypass.txt"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1022404"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/8963"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2258"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2258"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/504312/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/8963"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/"
},
{
"trust": 0.3,
"url": "http://www.tomneaves.co.uk/netgear_dg632_remote_dos.txt"
},
{
"trust": 0.3,
"url": "/archive/1/504312"
},
{
"trust": 0.3,
"url": "/archive/1/504313"
},
{
"trust": 0.3,
"url": "/archive/1/504341"
},
{
"trust": 0.3,
"url": "/archive/1/504345"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39704"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004773"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-442"
},
{
"db": "NVD",
"id": "CVE-2009-2258"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-39704"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004773"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-442"
},
{
"db": "NVD",
"id": "CVE-2009-2258"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-39704"
},
{
"date": "2009-06-15T00:00:00",
"db": "BID",
"id": "35376"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004773"
},
{
"date": "2009-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200906-442"
},
{
"date": "2009-06-30T10:30:21.813000",
"db": "NVD",
"id": "CVE-2009-2258"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-39704"
},
{
"date": "2009-07-09T20:36:00",
"db": "BID",
"id": "35376"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004773"
},
{
"date": "2009-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200906-442"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-2258"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-442"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear DG632 Management running on top Web Directory traversal vulnerability in the interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004773"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-442"
}
],
"trust": 0.6
}
}
VAR-200906-0229
Vulnerability from variot - Updated: 2025-04-10 22:56
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. The NetGear DG632 router is prone to multiple remote vulnerabilities. Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: tom@tomneaves.co.uk < tom@tomneaves.co.uk > Original URL: http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The Netgear DG632 router has a web interface which runs on port 80. This allows an admin to log in and administer the device's settings. Authentication of this web interface is handled by a script called "webcm" residing in "/cgi-bin/" which redirects to the relevant pages depending on successful user authentication. Vulnerabilities in this interface enable an attacker to access files and data without authentication. II. DETAILS The "webcm" script handles user authentication and attempts to load "indextop.htm" (via javascript below). The "indextop.htm" page requires authentication (HTTP Basic Authorization). --- <script..
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200906-0229",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dg632",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "3.4.0_ap"
},
{
"model": "dg632",
"scope": "eq",
"trust": 0.8,
"vendor": "net gear",
"version": "3.4.0_ap"
},
{
"model": "dg632 3.4.0 ap",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "dg632",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004772"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-454"
},
{
"db": "NVD",
"id": "CVE-2009-2257"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:netgear:dg632",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004772"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tom Neaves",
"sources": [
{
"db": "BID",
"id": "35376"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-454"
}
],
"trust": 0.9
},
"cve": "CVE-2009-2257",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-2257",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-39703",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-2257",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-2257",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200906-454",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-39703",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39703"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004772"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-454"
},
{
"db": "NVD",
"id": "CVE-2009-2257"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. NetGear DG632 router is prone to multiple remote vulnerabilities. Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: tom@tomneaves.co.uk <tom@tomneaves.co.uk> Original URL: http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The Netgear DG632 router has a web interface which runs on port 80. This allows an admin to login and administer the device's settings. Authentication of this web interface is handled by a script called \"webcm\" residing in \"/cgi-bin/\" which redirects to the relevant pages depending on successful user authentication. Vulnerabilities in this interface enable an attacker to access files and data without authentication. II. DETAILS The \"webcm\" script handles user authentication and attempts to load \"indextop.htm\" (via javascript below). The \"indextop.htm\" page requires authentication (HTTP Basic Authorization). --- <script..",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2257"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004772"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "VULHUB",
"id": "VHN-39703"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-39703",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39703"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2257",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "8963",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1022404",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004772",
"trust": 0.8
},
{
"db": "MILW0RM",
"id": "8963",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20090615 NETGEAR DG632 ROUTER AUTHENTICATION BYPASS VULNERABILITY",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200906-454",
"trust": 0.6
},
{
"db": "BID",
"id": "35376",
"trust": 0.3
},
{
"db": "SEEBUG",
"id": "SSVID-11625",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-39703",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39703"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004772"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-454"
},
{
"db": "NVD",
"id": "CVE-2009-2257"
}
]
},
"id": "VAR-200906-0229",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-39703"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T22:56:34.102000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.netgear.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004772"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39703"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004772"
},
{
"db": "NVD",
"id": "CVE-2009-2257"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.tomneaves.co.uk/netgear_dg632_authentication_bypass.txt"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1022404"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/8963"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2257"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2257"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/504312/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/8963"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/"
},
{
"trust": 0.3,
"url": "http://www.tomneaves.co.uk/netgear_dg632_remote_dos.txt"
},
{
"trust": 0.3,
"url": "/archive/1/504312"
},
{
"trust": 0.3,
"url": "/archive/1/504313"
},
{
"trust": 0.3,
"url": "/archive/1/504341"
},
{
"trust": 0.3,
"url": "/archive/1/504345"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39703"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004772"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-454"
},
{
"db": "NVD",
"id": "CVE-2009-2257"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-39703"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004772"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-454"
},
{
"db": "NVD",
"id": "CVE-2009-2257"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-39703"
},
{
"date": "2009-06-15T00:00:00",
"db": "BID",
"id": "35376"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004772"
},
{
"date": "2009-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200906-454"
},
{
"date": "2009-06-30T10:30:21.780000",
"db": "NVD",
"id": "CVE-2009-2257"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-39703"
},
{
"date": "2009-07-09T20:36:00",
"db": "BID",
"id": "35376"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004772"
},
{
"date": "2009-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200906-454"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-2257"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-454"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Authentication bypass vulnerability in the administrative web interface on the Netgear DG632",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004772"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-454"
}
],
"trust": 0.6
}
}
CVE-2009-2258 (GCVE-0-2009-2258)
Vulnerability from nvd – Published: 2009-06-30 10:00 – Updated: 2024-08-07 05:44- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt"
},
{
"name": "20090615 Netgear DG632 Router Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
},
{
"name": "8963",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8963"
},
{
"name": "1022404",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022404"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt"
},
{
"name": "20090615 Netgear DG632 Router Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
},
{
"name": "8963",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8963"
},
{
"name": "1022404",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022404"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt",
"refsource": "MISC",
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt"
},
{
"name": "20090615 Netgear DG632 Router Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
},
{
"name": "8963",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8963"
},
{
"name": "1022404",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022404"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2258",
"datePublished": "2009-06-30T10:00:00.000Z",
"dateReserved": "2009-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2257 (GCVE-0-2009-2257)
Vulnerability from nvd – Published: 2009-06-30 10:00 – Updated: 2024-08-07 05:44- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt"
},
{
"name": "20090615 Netgear DG632 Router Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
},
{
"name": "8963",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8963"
},
{
"name": "1022404",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022404"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt"
},
{
"name": "20090615 Netgear DG632 Router Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
},
{
"name": "8963",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8963"
},
{
"name": "1022404",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022404"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt",
"refsource": "MISC",
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt"
},
{
"name": "20090615 Netgear DG632 Router Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
},
{
"name": "8963",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8963"
},
{
"name": "1022404",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022404"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2257",
"datePublished": "2009-06-30T10:00:00.000Z",
"dateReserved": "2009-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2256 (GCVE-0-2009-2256)
Vulnerability from nvd – Published: 2009-06-30 10:00 – Updated: 2024-08-07 05:44- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090616 Re[2]: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504345/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt"
},
{
"name": "20090615 Re: Netgear DG632 Router Remote DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504341/100/0/threaded"
},
{
"name": "8964",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8964"
},
{
"name": "1022403",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022403"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090616 Re[2]: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504345/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt"
},
{
"name": "20090615 Re: Netgear DG632 Router Remote DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504341/100/0/threaded"
},
{
"name": "8964",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8964"
},
{
"name": "1022403",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022403"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090616 Re[2]: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504345/100/0/threaded"
},
{
"name": "http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt",
"refsource": "MISC",
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt"
},
{
"name": "20090615 Re: Netgear DG632 Router Remote DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504341/100/0/threaded"
},
{
"name": "8964",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8964"
},
{
"name": "1022403",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022403"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2256",
"datePublished": "2009-06-30T10:00:00.000Z",
"dateReserved": "2009-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2256 (GCVE-0-2009-2256)
Vulnerability from cvelistv5 – Published: 2009-06-30 10:00 – Updated: 2024-08-07 05:44- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090616 Re[2]: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504345/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt"
},
{
"name": "20090615 Re: Netgear DG632 Router Remote DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504341/100/0/threaded"
},
{
"name": "8964",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8964"
},
{
"name": "1022403",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022403"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090616 Re[2]: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504345/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt"
},
{
"name": "20090615 Re: Netgear DG632 Router Remote DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504341/100/0/threaded"
},
{
"name": "8964",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8964"
},
{
"name": "1022403",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022403"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090616 Re[2]: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504345/100/0/threaded"
},
{
"name": "http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt",
"refsource": "MISC",
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt"
},
{
"name": "20090615 Re: Netgear DG632 Router Remote DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504341/100/0/threaded"
},
{
"name": "8964",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8964"
},
{
"name": "1022403",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022403"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2256",
"datePublished": "2009-06-30T10:00:00.000Z",
"dateReserved": "2009-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2257 (GCVE-0-2009-2257)
Vulnerability from cvelistv5 – Published: 2009-06-30 10:00 – Updated: 2024-08-07 05:44- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt"
},
{
"name": "20090615 Netgear DG632 Router Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
},
{
"name": "8963",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8963"
},
{
"name": "1022404",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022404"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt"
},
{
"name": "20090615 Netgear DG632 Router Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
},
{
"name": "8963",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8963"
},
{
"name": "1022404",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022404"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt",
"refsource": "MISC",
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt"
},
{
"name": "20090615 Netgear DG632 Router Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
},
{
"name": "8963",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8963"
},
{
"name": "1022404",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022404"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2257",
"datePublished": "2009-06-30T10:00:00.000Z",
"dateReserved": "2009-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2258 (GCVE-0-2009-2258)
Vulnerability from cvelistv5 – Published: 2009-06-30 10:00 – Updated: 2024-08-07 05:44
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt"
},
{
"name": "20090615 Netgear DG632 Router Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
},
{
"name": "8963",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8963"
},
{
"name": "1022404",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022404"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt"
},
{
"name": "20090615 Netgear DG632 Router Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
},
{
"name": "8963",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8963"
},
{
"name": "1022404",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022404"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt",
"refsource": "MISC",
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt"
},
{
"name": "20090615 Netgear DG632 Router Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
},
{
"name": "8963",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8963"
},
{
"name": "1022404",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022404"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2258",
"datePublished": "2009-06-30T10:00:00.000Z",
"dateReserved": "2009-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}