Search criteria
4 vulnerabilities found for wgr614v7 by netgear
VAR-202002-0042
Vulnerability from variot - Updated: 2024-08-14 13:44An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340. NEtGEAR WGR614 v7 and v9 There is an information leakage vulnerability in. I've been reverse engineering the Netgear WGR614 wireless router, which has been one of the most popular devices shipped by major ISPs in the UK over the last ten years.
After disassembling the device and identifying the components, I noticed that the firmware and all settings are stored on a single EEPROM (flash) chip, specifically a Macronix MX25L1605 SPI 16Mbit EEPROM. Other variants of the device may use slightly different chips, but they all seem to use SPI EEPROMs with identical I/O commands. I de-soldered the IC and hooked it up to a BusPirate, and used it to extract the entire contents of the chip.
I quickly discovered two interesting things:
First, I found a hard-coded credential used for direct serial programming. Using it requires direct physical access and you have to solder wires onto the board. Despite this not being particularly interesting, this issue has been assigned as CVE-2012-6340 anyway. It's always good to have the information out there.
Second, I noticed that there were multiple copies of my config file, and all passwords (for both control panel and wifi) within them are plain-text. It turns out that, in order to prevent config file corruption, the router re-generates the entire config file and writes a new copy directly after the previous one. It then activates the new config, and soft-deletes the old file by removing its entry from a list. Once you've changed the config several times (about 11 on this device), it hits the end of the flash chip's storage and cycles back to the original address. However, it does not actually wipe the old config files. A factory reset does not fix this; it simply restores a default config file onto the lower address. As such, an attacker who steals the device may recover the last-used passwords and config, as well as many previous passwords and configuration data. There also seems to be some storage of DHCP client information, but the data I have is inconclusive due to it being partially overwritten.
This has been confirmed on the WGR614v7 and WGR614v9 models, and is expected to be the case on all other revisions. It also looks like the WGR624 model has the same design, so other models in the same series may be affected too
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0042",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wgr614v9",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "wgr614v7",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "wgr614v7",
"scope": null,
"trust": 0.8,
"vendor": "netgear",
"version": null
},
{
"model": "wgr614v9",
"scope": null,
"trust": 0.8,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006620"
},
{
"db": "NVD",
"id": "CVE-2012-6341"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:wgr614v7_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wgr614v9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006620"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Graham Sutherland",
"sources": [
{
"db": "PACKETSTORM",
"id": "118854"
}
],
"trust": 0.1
},
"cve": "CVE-2012-6341",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2012-6341",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2012-006620",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2012-6341",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2012-006620",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-6341",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2012-006620",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-189",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006620"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-189"
},
{
"db": "NVD",
"id": "CVE-2012-6341"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340. NEtGEAR WGR614 v7 and v9 There is an information leakage vulnerability in. I\u0027ve been reverse engineering the Netgear WGR614 wireless router, which has been one of the most popular devices shipped by major ISPs in the UK over the last ten years. \n\nAfter disassembling the device and identifying the components, I noticed that the firmware and all settings are stored on a single EEPROM (flash) chip, specifically a Macronix MX25L1605 SPI 16Mbit EEPROM. Other variants of the device may use slightly different chips, but they all seem to use SPI EEPROMs with identical I/O commands. I de-soldered the IC and hooked it up to a BusPirate, and used it to extract the entire contents of the chip. \n\nI quickly discovered two interesting things:\n\nFirst, I found a hard-coded credential used for direct serial programming. Using it requires direct physical access and you have to solder wires onto the board. Despite this not being particularly interesting, this issue has been assigned as CVE-2012-6340 anyway. It\u0027s always good to have the information out there. \n\nSecond, I noticed that there were multiple copies of my config file, and all passwords (for both control panel and wifi) within them are plain-text. It turns out that, in order to prevent config file corruption, the router re-generates the entire config file and writes a new copy directly after the previous one. It then activates the new config, and soft-deletes the old file by removing its entry from a list. Once you\u0027ve changed the config several times (about 11 on this device), it hits the end of the flash chip\u0027s storage and cycles back to the original address. However, it does not actually wipe the old config files. A factory reset does not fix this; it simply restores a default config file onto the lower address. As such, an attacker who steals the device may recover the last-used passwords and config, as well as many previous passwords and configuration data. There also seems to be some storage of DHCP client information, but the data I have is inconclusive due to it being partially overwritten. \n\nThis has been confirmed on the WGR614v7 and WGR614v9 models, and is expected to be the case on all other revisions. It also looks like the WGR624 model has the same design, so other models in the same series may be affected too",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6341"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006620"
},
{
"db": "PACKETSTORM",
"id": "118854"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6341",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006620",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-189",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "118854",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006620"
},
{
"db": "PACKETSTORM",
"id": "118854"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-189"
},
{
"db": "NVD",
"id": "CVE-2012-6341"
}
]
},
"id": "VAR-202002-0042",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:44:25.587000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WGR614v9 - 54 Mbps Wireless Router",
"trust": 0.8,
"url": "https://www.netgear.com/support/product/WGR614v9.aspx"
},
{
"title": "WGR614v7 - 54 Mbps Wireless Router",
"trust": 0.8,
"url": "https://www.jp.netgear.com/support/product/WGR614v7.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006620"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006620"
},
{
"db": "NVD",
"id": "CVE-2012-6341"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.securityfocus.com/archive/1/525042"
},
{
"trust": 1.6,
"url": "https://packetstormsecurity.com/files/date/2012-12-14/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6341"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6340"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006620"
},
{
"db": "PACKETSTORM",
"id": "118854"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-189"
},
{
"db": "NVD",
"id": "CVE-2012-6341"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006620"
},
{
"db": "PACKETSTORM",
"id": "118854"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-189"
},
{
"db": "NVD",
"id": "CVE-2012-6341"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006620"
},
{
"date": "2012-12-14T23:54:44",
"db": "PACKETSTORM",
"id": "118854"
},
{
"date": "2020-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-189"
},
{
"date": "2020-02-06T19:15:10.820000",
"db": "NVD",
"id": "CVE-2012-6341"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006620"
},
{
"date": "2021-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-189"
},
{
"date": "2020-02-12T16:15:41.817000",
"db": "NVD",
"id": "CVE-2012-6341"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-189"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NEtGEAR WGR614 v7 and v9 Vulnerability regarding information leakage in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006620"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-189"
}
],
"trust": 0.6
}
}
VAR-202002-0041
Vulnerability from variot - Updated: 2024-08-14 13:44An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002. This vulnerability is CVE-2006-1002 Vulnerability related to.Information may be obtained. I've been reverse engineering the Netgear WGR614 wireless router, which has been one of the most popular devices shipped by major ISPs in the UK over the last ten years.
After disassembling the device and identifying the components, I noticed that the firmware and all settings are stored on a single EEPROM (flash) chip, specifically a Macronix MX25L1605 SPI 16Mbit EEPROM. Other variants of the device may use slightly different chips, but they all seem to use SPI EEPROMs with identical I/O commands. I de-soldered the IC and hooked it up to a BusPirate, and used it to extract the entire contents of the chip.
I quickly discovered two interesting things:
First, I found a hard-coded credential used for direct serial programming. Using it requires direct physical access and you have to solder wires onto the board. Despite this not being particularly interesting, this issue has been assigned as CVE-2012-6340 anyway. It's always good to have the information out there.
Second, I noticed that there were multiple copies of my config file, and all passwords (for both control panel and wifi) within them are plain-text. It turns out that, in order to prevent config file corruption, the router re-generates the entire config file and writes a new copy directly after the previous one. It then activates the new config, and soft-deletes the old file by removing its entry from a list. Once you've changed the config several times (about 11 on this device), it hits the end of the flash chip's storage and cycles back to the original address. However, it does not actually wipe the old config files.
This issue, assigned CVE-2012-6341, results in the ability to recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. A factory reset does not fix this; it simply restores a default config file onto the lower address. As such, an attacker who steals the device may recover the last-used passwords and config, as well as many previous passwords and configuration data. There also seems to be some storage of DHCP client information, but the data I have is inconclusive due to it being partially overwritten.
This has been confirmed on the WGR614v7 and WGR614v9 models, and is expected to be the case on all other revisions. It also looks like the WGR624 model has the same design, so other models in the same series may be affected too
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0041",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wgr614v9",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "wgr614v7",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "wgr614v7",
"scope": null,
"trust": 0.8,
"vendor": "netgear",
"version": null
},
{
"model": "wgr614v9",
"scope": null,
"trust": 0.8,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006603"
},
{
"db": "NVD",
"id": "CVE-2012-6340"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:wgr614v7_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wgr614v9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006603"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Graham Sutherland",
"sources": [
{
"db": "PACKETSTORM",
"id": "118854"
}
],
"trust": 0.1
},
"cve": "CVE-2012-6340",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2012-6340",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2012-006603",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2012-6340",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2012-006603",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-6340",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2012-006603",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-182",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2012-6340",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-6340"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006603"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-182"
},
{
"db": "NVD",
"id": "CVE-2012-6340"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002. This vulnerability is CVE-2006-1002 Vulnerability related to.Information may be obtained. I\u0027ve been reverse engineering the Netgear WGR614 wireless router, which has been one of the most popular devices shipped by major ISPs in the UK over the last ten years. \n\nAfter disassembling the device and identifying the components, I noticed that the firmware and all settings are stored on a single EEPROM (flash) chip, specifically a Macronix MX25L1605 SPI 16Mbit EEPROM. Other variants of the device may use slightly different chips, but they all seem to use SPI EEPROMs with identical I/O commands. I de-soldered the IC and hooked it up to a BusPirate, and used it to extract the entire contents of the chip. \n\nI quickly discovered two interesting things:\n\nFirst, I found a hard-coded credential used for direct serial programming. Using it requires direct physical access and you have to solder wires onto the board. Despite this not being particularly interesting, this issue has been assigned as CVE-2012-6340 anyway. It\u0027s always good to have the information out there. \n\nSecond, I noticed that there were multiple copies of my config file, and all passwords (for both control panel and wifi) within them are plain-text. It turns out that, in order to prevent config file corruption, the router re-generates the entire config file and writes a new copy directly after the previous one. It then activates the new config, and soft-deletes the old file by removing its entry from a list. Once you\u0027ve changed the config several times (about 11 on this device), it hits the end of the flash chip\u0027s storage and cycles back to the original address. However, it does not actually wipe the old config files. \n\nThis issue, assigned CVE-2012-6341, results in the ability to recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. A factory reset does not fix this; it simply restores a default config file onto the lower address. As such, an attacker who steals the device may recover the last-used passwords and config, as well as many previous passwords and configuration data. There also seems to be some storage of DHCP client information, but the data I have is inconclusive due to it being partially overwritten. \n\nThis has been confirmed on the WGR614v7 and WGR614v9 models, and is expected to be the case on all other revisions. It also looks like the WGR624 model has the same design, so other models in the same series may be affected too",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6340"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006603"
},
{
"db": "VULMON",
"id": "CVE-2012-6340"
},
{
"db": "PACKETSTORM",
"id": "118854"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6340",
"trust": 2.6
},
{
"db": "VULDB",
"id": "7180",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "118854",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006603",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-182",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2012-6340",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-6340"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006603"
},
{
"db": "PACKETSTORM",
"id": "118854"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-182"
},
{
"db": "NVD",
"id": "CVE-2012-6340"
}
]
},
"id": "VAR-202002-0041",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:44:25.552000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WGR614v9 - 54 Mbps Wireless Router",
"trust": 0.8,
"url": "https://www.netgear.com/support/product/WGR614v9.aspx"
},
{
"title": "WGR614v7 - 54 Mbps Wireless Router",
"trust": 0.8,
"url": "https://www.jp.netgear.com/support/product/WGR614v7.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006603"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006603"
},
{
"db": "NVD",
"id": "CVE-2012-6340"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://vuldb.com/?id.7180"
},
{
"trust": 1.7,
"url": "https://packetstormsecurity.com/files/118854/netgear-wgr614-credential-information.html"
},
{
"trust": 1.7,
"url": "https://www.securityfocus.com/archive/1/525042"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6340"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6340"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6341"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-6340"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006603"
},
{
"db": "PACKETSTORM",
"id": "118854"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-182"
},
{
"db": "NVD",
"id": "CVE-2012-6340"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2012-6340"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006603"
},
{
"db": "PACKETSTORM",
"id": "118854"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-182"
},
{
"db": "NVD",
"id": "CVE-2012-6340"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-06T00:00:00",
"db": "VULMON",
"id": "CVE-2012-6340"
},
{
"date": "2020-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006603"
},
{
"date": "2012-12-14T23:54:44",
"db": "PACKETSTORM",
"id": "118854"
},
{
"date": "2020-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-182"
},
{
"date": "2020-02-06T18:15:13.260000",
"db": "NVD",
"id": "CVE-2012-6340"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2012-6340"
},
{
"date": "2020-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006603"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-182"
},
{
"date": "2020-02-11T18:33:08.280000",
"db": "NVD",
"id": "CVE-2012-6340"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR WGR614 v7 and v9 Authentication vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006603"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-182"
}
],
"trust": 0.6
}
}
VAR-202106-2131
Vulnerability from variot - Updated: 2022-05-04 09:45WGR614v7 is a wireless router device.
NETGEAR WGR614v7 has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-2131",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wgr614v7",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36496"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-36496",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2021-36496",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36496"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WGR614v7 is a wireless router device.\n\r\n\r\nNETGEAR WGR614v7 has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36496"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-36496",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36496"
}
]
},
"id": "VAR-202106-2131",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36496"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36496"
}
]
},
"last_update_date": "2022-05-04T09:45:59.887000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-36496"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-36496"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-36496"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR WGR614v7 has an information disclosure vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36496"
}
],
"trust": 0.6
}
}
VAR-202106-2161
Vulnerability from variot - Updated: 2022-05-04 09:02NETGEAR WGR614v7 router is a wireless router device.
The NETGEAR WGR614v7 router has a weak password vulnerability. Attackers can use this vulnerability to control the device, obtain sensitive information and perform unauthorized operations.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-2161",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wgr614v7",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37297"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-37297",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2021-37297",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37297"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR WGR614v7 router is a wireless router device.\n\r\n\r\nThe NETGEAR WGR614v7 router has a weak password vulnerability. Attackers can use this vulnerability to control the device, obtain sensitive information and perform unauthorized operations.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37297"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-37297",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37297"
}
]
},
"id": "VAR-202106-2161",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37297"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37297"
}
]
},
"last_update_date": "2022-05-04T09:02:08.678000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-37297"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37297"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37297"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR WGR614v7 router has weak password vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37297"
}
],
"trust": 0.6
}
}