VAR-200906-0228
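Vulnerability from variot - Updated: 2025-04-10 22:56

The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. The Netgear DG632 router is prone to multiple remote vulnerabilities. An attacker with access to the web interface of the router can exploit these issues to enumerate files and directories in the router's 'www' directory, cause denial-of-service conditions, and bypass authentication to administrative scripts. Note that the CVSS v2 vector recorded below for CVE-2009-2256 (AV:N/AC:L/Au:N/C:N/I:N/A:C) scores an availability impact only; the file enumeration and authentication bypass appear to come from the broader aggregated description (BID 35376 is among its listed sources) and are not reflected in that score.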
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200906-0228",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dg632",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "3.4.0_ap"
},
{
"model": "dg632",
"scope": "eq",
"trust": 0.8,
"vendor": "net gear",
"version": "3.4.0_ap"
},
{
"model": "dg632 3.4.0 ap",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "dg632",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
},
{
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:netgear:dg632",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tom Neaves",
"sources": [
{
"db": "BID",
"id": "35376"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
}
],
"trust": 0.9
},
"cve": "CVE-2009-2256",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-2256",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-39702",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-2256",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-2256",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200906-453",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-39702",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39702"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
},
{
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. NetGear DG632 router is prone to multiple remote vulnerabilities. \nAn attacker with access to the web interface of the router can exploit these issues to enumerate files and directories in the router\u0027s \u0027www\u0027 directory, cause denial-of-service conditions, and bypass authentication to administrative scripts",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2256"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "VULHUB",
"id": "VHN-39702"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-39702",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39702"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2256",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "8964",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1022403",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20090616 RE[2]: [FULL-DISCLOSURE] NETGEAR DG632 ROUTER REMOTE DOS VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20090615 RE: NETGEAR DG632 ROUTER REMOTE DOS VULNERABILITY",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "8964",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200906-453",
"trust": 0.6
},
{
"db": "BID",
"id": "35376",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-39702",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39702"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
},
{
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"id": "VAR-200906-0228",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-39702"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T22:56:34.164000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.netgear.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39702"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.tomneaves.co.uk/netgear_dg632_remote_dos.txt"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1022403"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/504341/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/504345/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/8964"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2256"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2256"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/504345/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/504341/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/8964"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/"
},
{
"trust": 0.3,
"url": "http://www.tomneaves.co.uk/netgear_dg632_authentication_bypass.txt"
},
{
"trust": 0.3,
"url": "/archive/1/504312"
},
{
"trust": 0.3,
"url": "/archive/1/504313"
},
{
"trust": 0.3,
"url": "/archive/1/504341"
},
{
"trust": 0.3,
"url": "/archive/1/504345"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39702"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
},
{
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-39702"
},
{
"db": "BID",
"id": "35376"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
},
{
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-39702"
},
{
"date": "2009-06-15T00:00:00",
"db": "BID",
"id": "35376"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"date": "2009-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200906-453"
},
{
"date": "2009-06-30T10:30:21.717000",
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-39702"
},
{
"date": "2009-07-09T20:36:00",
"db": "BID",
"id": "35376"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004771"
},
{
"date": "2009-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200906-453"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-2256"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear DG632 Web Management Interface Service Disruption (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004771"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-453"
}
],
"trust": 0.6
}
}
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.