VAR-200212-0872
Vulnerability from variot - Updated: 2025-04-03 22:21Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information. FM114P is an integrated HUB, print service, wireless access point, firewall and IDS hardware solution developed by Netgear. It includes Cable / DSL Prosafe 802.11b wireless firewall system.
Netgear FM114P Cable / DSL Prosafe 802.11b wireless firewall stores plain text account information during backup operations. Remote attackers can use this vulnerability to obtain account data to further attack the system.
When the FM114P Cable / DSL Prosafe 802.11b wireless firewall is configured for backup operation, the device will save the DDNS (DynDNS) account data in the system in clear text. A remote attacker can obtain account information by accessing this file to help the attacker further attack the WEB interface.
It must be noted that the backup configuration option is not enabled by default
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0872",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fm114p",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": "*"
},
{
"model": "fm114p",
"scope": null,
"trust": 0.9,
"vendor": "netgear",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3810"
},
{
"db": "BID",
"id": "5943"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-519"
},
{
"db": "NVD",
"id": "CVE-2002-2355"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marc Ruef\u203b marc.ruef@computec.ch",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-519"
}
],
"trust": 0.6
},
"cve": "CVE-2002-2355",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2002-2355",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-6738",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-2355",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-519",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-6738",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6738"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-519"
},
{
"db": "NVD",
"id": "CVE-2002-2355"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information. FM114P is an integrated HUB, print service, wireless access point, firewall and IDS hardware solution developed by Netgear. It includes Cable / DSL Prosafe 802.11b wireless firewall system. \n\n\u00a0Netgear FM114P Cable / DSL Prosafe 802.11b wireless firewall stores plain text account information during backup operations. Remote attackers can use this vulnerability to obtain account data to further attack the system. \n\n\u00a0When the FM114P Cable / DSL Prosafe 802.11b wireless firewall is configured for backup operation, the device will save the DDNS (DynDNS) account data in the system in clear text. A remote attacker can obtain account information by accessing this file to help the attacker further attack the WEB interface. \n\n\u00a0It must be noted that the backup configuration option is not enabled by default",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2355"
},
{
"db": "CNVD",
"id": "CNVD-2002-3810"
},
{
"db": "BID",
"id": "5943"
},
{
"db": "VULHUB",
"id": "VHN-6738"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-2355",
"trust": 2.3
},
{
"db": "BID",
"id": "5943",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200212-519",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2002-3810",
"trust": 0.6
},
{
"db": "XF",
"id": "114",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20021010 PLAIN TEXT DDNS PASSWORD IN NETGEAR FM114P BACKUPS",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "3652",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6738",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3810"
},
{
"db": "VULHUB",
"id": "VHN-6738"
},
{
"db": "BID",
"id": "5943"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-519"
},
{
"db": "NVD",
"id": "CVE-2002-2355"
}
]
},
"id": "VAR-200212-0872",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6738"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:21:56.054000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6738"
},
{
"db": "NVD",
"id": "CVE-2002-2355"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5943"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/294740"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/10341.php"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/3652"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6738"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-519"
},
{
"db": "NVD",
"id": "CVE-2002-2355"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2002-3810"
},
{
"db": "VULHUB",
"id": "VHN-6738"
},
{
"db": "BID",
"id": "5943"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-519"
},
{
"db": "NVD",
"id": "CVE-2002-2355"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-3810"
},
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6738"
},
{
"date": "2002-10-10T00:00:00",
"db": "BID",
"id": "5943"
},
{
"date": "2002-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-519"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-2355"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-3810"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-6738"
},
{
"date": "2002-10-10T00:00:00",
"db": "BID",
"id": "5943"
},
{
"date": "2002-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-519"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-2355"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-519"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear FM114P Wireless Firewall Remote Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3810"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-519"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-519"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…