VAR-200405-0038
Vulnerability from variot - Updated: 2025-04-03 22:21Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences. NetGear RP114 router can access management through TELNET and HTTP.
NetGear RP114 router content filtering problem, remote attackers can use this vulnerability to access restricted resources.
If the URI string requested by the user exceeds 220 bytes, the content filtering function of NetGear RP114 can be bypassed. This problem can cause administrators to ignore some security. This vulnerability may result in a false sense of security for a network administrator, where a malicious website is believed to be unreachable. In reality any host may contact blacklisted websites. D-Link DIR-100 long url filter evasion
scip AG Vulnerability ID 3808 (09/08/2008) http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808
I. INTRODUCTION
D-Link DIR-100 is a small and cost-effective router and firewall device for small offices and home users. More details are available at the official product web site (German link):
http://www.dlink.de/?go=gNTyP9CgrdFOIC4AStFCF834mptYKO9ZTdvhLPG3yV3oV492gqltbNlwaaFp6DQoHDrpxC5H+40AAdvl
II. DESCRIPTION
Marc Ruef at scip AG found a possibility to evade url filters of the web proxy to prevent access to web sites.
An attacker might add a very long string to the url to access web resources althought their access is forbidden.
This problem could be verified in all firmware versions up to v1.12.
A similar vulnerability was already detected years ago in a similar device Netgear RP114. [1, 2]
III. EXPLOITATION
It is possible to exploit the vulnerability with a common web browser by using a long url (approx. 1'300 chars). You can expand the length of the url by adding a non-used http get request parameter. Example url:
http://www.scip.ch/?foo=aaa(...)
A video illustrating this issue is available at the following url:
http://de.youtube.com/watch?v=WTzPn37XNl4
The Attack Tool Kit (ATK)[3] is able to exploit this vulnerability with the following generic ASL code (expand the long URL request):
open|send GET http://www.scip.ch/?foo=aaa(...)
HTTP/1.0\n\n|sleep|close|pattern_not_exists This URL is blocked by administrator !
IV.
V. DETECTION
Detection of web based attacks requires a specialized web proxy and/or intrusion detection system. Patterns for such a detection are available and easy to implement.
VI. SOLUTION
We have informed D-Link on an early stage. Our technical requests were not answered nor confirmed. Therefore, not official statement, patch or upgrade is available.
We suggest the use of another device for filtering forbidden web resources successfully.
VII. VENDOR RESPONSE
D-Link has been informed first via the unhandy web form at http://www.dlink.com (no public mail address for such cases could be found). The first responses claimed that the problem must be within a wrong configuration setting. Further discussions were initiated.
The support was not able to understand the problem. Not even after several step-by-step guides and examples. They always suggest I have to upgrade to the latest firmware and they could not verify the problem. Therefore, no official solution, workaround or patch is available.
VIII. SOURCES
scip AG - Security Consulting Information Process (german) http://www.scip.ch/
scip AG Vulnerability Database (german) http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808
computec.ch document data base (german) http://www.computec.ch/download.php
IX. DISCLOSURE TIMELINE
2008/07/25 Identification of the vulnerability by Marc Ruef 2008/07/28 First information to D-Link via web form 2008/07/28 First reply by D-Link support via support@service.dlink.biz (ticket id 1375981) 2008/07/29 Providing our config for further analysis 2008/08/06 Request for actual status (no reply) 2008/08/29 Another request for actual status 2008/08/29 Response could not verify the problem 2008/09/01 Detailed explanation of the exploitation 2008/09/01 Responder could still not understand the problem 2008/09/08 Public disclosure of the advisory
X. CREDITS
The vulnerability was discovered by Marc Ruef.
Marc Ruef, scip AG, Zuerich, Switzerland
maru-at-scip.ch
http://www.scip.ch/
A1. BIBLIOGRAPHY
[1] http://www.securityfocus.com/bid/10404 [2] http://seclists.org/bugtraq/2004/May/0263.html [3] http://www.computec.ch/projekte/atk/
A2. LEGAL NOTICES
Copyright (c) 2007-2008 scip AG, Switzerland.
Permission is granted for the re-distribution of this alert. It may not be edited in any way without permission of scip AG.
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect or consequential loss or damage from use of or reliance on this advisory
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200405-0038",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rp114",
"scope": "eq",
"trust": 1.9,
"vendor": "netgear",
"version": "3.26"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1507"
},
{
"db": "BID",
"id": "10404"
},
{
"db": "CNNVD",
"id": "CNNVD-200405-059"
},
{
"db": "NVD",
"id": "CVE-2004-2032"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marc Ruef\u203b marc.ruef@computec.ch",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200405-059"
}
],
"trust": 0.6
},
"cve": "CVE-2004-2032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2004-2032",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-10460",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-2032",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200405-059",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-10460",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10460"
},
{
"db": "CNNVD",
"id": "CNNVD-200405-059"
},
{
"db": "NVD",
"id": "CVE-2004-2032"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences. NetGear RP114 router can access management through TELNET and HTTP. \n\n\u00a0NetGear RP114 router content filtering problem, remote attackers can use this vulnerability to access restricted resources. \n\n\u00a0If the URI string requested by the user exceeds 220 bytes, the content filtering function of NetGear RP114 can be bypassed. This problem can cause administrators to ignore some security. \nThis vulnerability may result in a false sense of security for a network administrator, where a malicious website is believed to be unreachable. In reality any host may contact blacklisted websites. D-Link DIR-100 long url filter evasion\n\nscip AG Vulnerability ID 3808 (09/08/2008)\nhttp://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808\n\nI. INTRODUCTION\n\nD-Link DIR-100 is a small and cost-effective router and firewall device\nfor small offices and home users. More details are available at the\nofficial product web site (German link):\n\n\nhttp://www.dlink.de/?go=gNTyP9CgrdFOIC4AStFCF834mptYKO9ZTdvhLPG3yV3oV492gqltbNlwaaFp6DQoHDrpxC5H+40AAdvl\n\nII. DESCRIPTION\n\nMarc Ruef at scip AG found a possibility to evade url filters of the web\nproxy to prevent access to web sites. \n\nAn attacker might add a very long string to the url to access web\nresources althought their access is forbidden. \n\nThis problem could be verified in all firmware versions up to v1.12. \n\nA similar vulnerability was already detected years ago in a similar\ndevice Netgear RP114. [1, 2]\n\nIII. EXPLOITATION\n\nIt is possible to exploit the vulnerability with a common web browser by\nusing a long url (approx. 1\u0027300 chars). You can expand the length of the\nurl by adding a non-used http get request parameter. Example url:\n\n http://www.scip.ch/?foo=aaa(...)\n\nA video illustrating this issue is available at the following url:\n\n http://de.youtube.com/watch?v=WTzPn37XNl4\n\nThe Attack Tool Kit (ATK)[3] is able to exploit this vulnerability with\nthe following generic ASL code (expand the long URL request):\n\n open|send GET http://www.scip.ch/?foo=aaa(...)\nHTTP/1.0\\n\\n|sleep|close|pattern_not_exists *This URL is \u003cfont\ncolor=red\u003eblocked\u003c/font\u003e by administrator !*\n\nIV. \n\nV. DETECTION\n\nDetection of web based attacks requires a specialized web proxy and/or\nintrusion detection system. Patterns for such a detection are available\nand easy to implement. \n\nVI. SOLUTION\n\nWe have informed D-Link on an early stage. Our technical requests were\nnot answered nor confirmed. Therefore, not official statement, patch or\nupgrade is available. \n\nWe suggest the use of another device for filtering forbidden web\nresources successfully. \n\nVII. VENDOR RESPONSE\n\nD-Link has been informed first via the unhandy web form at\nhttp://www.dlink.com (no public mail address for such cases could be\nfound). The first responses claimed that the problem must be within a\nwrong configuration setting. Further discussions were initiated. \n\nThe support was not able to understand the problem. Not even after\nseveral step-by-step guides and examples. They always suggest I have to\nupgrade to the latest firmware and they could not verify the problem. \nTherefore, no official solution, workaround or patch is available. \n\nVIII. SOURCES\n\nscip AG - Security Consulting Information Process (german)\nhttp://www.scip.ch/\n\nscip AG Vulnerability Database (german)\nhttp://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808\n\ncomputec.ch document data base (german)\nhttp://www.computec.ch/download.php\n\nIX. DISCLOSURE TIMELINE\n\n2008/07/25 Identification of the vulnerability by Marc Ruef\n2008/07/28 First information to D-Link via web form\n2008/07/28 First reply by D-Link support via support@service.dlink.biz\n(ticket id 1375981)\n2008/07/29 Providing our config for further analysis\n2008/08/06 Request for actual status (no reply)\n2008/08/29 Another request for actual status\n2008/08/29 Response could not verify the problem\n2008/09/01 Detailed explanation of the exploitation\n2008/09/01 Responder could still not understand the problem\n2008/09/08 Public disclosure of the advisory\n\nX. CREDITS\n\nThe vulnerability was discovered by Marc Ruef. \n\n Marc Ruef, scip AG, Zuerich, Switzerland\n maru-at-scip.ch\n http://www.scip.ch/\n\nA1. BIBLIOGRAPHY\n\n[1] http://www.securityfocus.com/bid/10404\n[2] http://seclists.org/bugtraq/2004/May/0263.html\n[3] http://www.computec.ch/projekte/atk/\n\nA2. LEGAL NOTICES\n\nCopyright (c) 2007-2008 scip AG, Switzerland. \n\nPermission is granted for the re-distribution of this alert. It may not\nbe edited in any way without permission of scip AG. \n\nThe information in the advisory is believed to be accurate at the time\nof publishing based on currently available information. There are no\nwarranties with regard to this information. Neither the author nor the\npublisher accepts any liability for any direct, indirect or\nconsequential loss or damage from use of or reliance on this advisory",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2032"
},
{
"db": "CNVD",
"id": "CNVD-2004-1507"
},
{
"db": "BID",
"id": "10404"
},
{
"db": "VULHUB",
"id": "VHN-10460"
},
{
"db": "PACKETSTORM",
"id": "69733"
}
],
"trust": 1.89
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-10460",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10460"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-2032",
"trust": 2.3
},
{
"db": "BID",
"id": "10404",
"trust": 2.1
},
{
"db": "OSVDB",
"id": "6411",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "11698",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200405-059",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2004-1507",
"trust": 0.6
},
{
"db": "XF",
"id": "114",
"trust": 0.6
},
{
"db": "XF",
"id": "16238",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040524 NETGEAR RP114 URL FILTER FAILS IF URL IS TOO LONG",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "24140",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-77875",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-10460",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69733",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1507"
},
{
"db": "VULHUB",
"id": "VHN-10460"
},
{
"db": "BID",
"id": "10404"
},
{
"db": "PACKETSTORM",
"id": "69733"
},
{
"db": "CNNVD",
"id": "CNNVD-200405-059"
},
{
"db": "NVD",
"id": "CVE-2004-2032"
}
]
},
"id": "VAR-200405-0038",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10460"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:21:56.023000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/10404"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/6411"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/11698"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16238"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=108541203427391\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/16238"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108541203427391\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/product_view.asp?xrp=4\u0026yrp=12\u0026zrp=93"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108541203427391\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://de.youtube.com/watch?v=wtzpn37xnl4"
},
{
"trust": 0.1,
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808"
},
{
"trust": 0.1,
"url": "http://www.dlink.com"
},
{
"trust": 0.1,
"url": "http://www.computec.ch/projekte/atk/"
},
{
"trust": 0.1,
"url": "http://www.dlink.de/?go=gntyp9cgrdfoic4astfcf834mptyko9ztdvhlpg3yv3ov492gqltbnlwaafp6dqohdrpxc5h+40aadvl"
},
{
"trust": 0.1,
"url": "http://www.computec.ch/download.php"
},
{
"trust": 0.1,
"url": "http://www.scip.ch/"
},
{
"trust": 0.1,
"url": "http://seclists.org/bugtraq/2004/may/0263.html"
},
{
"trust": 0.1,
"url": "http://www.scip.ch/?foo=aaa(...)"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10460"
},
{
"db": "BID",
"id": "10404"
},
{
"db": "PACKETSTORM",
"id": "69733"
},
{
"db": "CNNVD",
"id": "CNNVD-200405-059"
},
{
"db": "NVD",
"id": "CVE-2004-2032"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2004-1507"
},
{
"db": "VULHUB",
"id": "VHN-10460"
},
{
"db": "BID",
"id": "10404"
},
{
"db": "PACKETSTORM",
"id": "69733"
},
{
"db": "CNNVD",
"id": "CNNVD-200405-059"
},
{
"db": "NVD",
"id": "CVE-2004-2032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-1507"
},
{
"date": "2004-05-24T00:00:00",
"db": "VULHUB",
"id": "VHN-10460"
},
{
"date": "2004-05-24T00:00:00",
"db": "BID",
"id": "10404"
},
{
"date": "2008-09-08T15:23:16",
"db": "PACKETSTORM",
"id": "69733"
},
{
"date": "2004-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200405-059"
},
{
"date": "2004-05-24T04:00:00",
"db": "NVD",
"id": "CVE-2004-2032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-1507"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10460"
},
{
"date": "2004-05-24T00:00:00",
"db": "BID",
"id": "10404"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200405-059"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-2032"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200405-059"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear RP114 content filtering bypasses vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1507"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200405-059"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.