VAR-200906-0229

Vulnerability from variot - Updated: 2025-04-10 22:56

The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and to (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. The Netgear DG632 router is prone to multiple remote vulnerabilities.

Product Name: Netgear DG632 Router
Vendor: http://www.netgear.com
Date: 15 June, 2009
Author: tom@tomneaves.co.uk <tom@tomneaves.co.uk>
Original URL: http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt
Discovered: 18 November, 2006
Disclosed: 15 June, 2009

I. DESCRIPTION

The Netgear DG632 router has a web interface which runs on port 80. This allows an admin to log in and administer the device's settings. Authentication for this web interface is handled by a script called "webcm" residing in "/cgi-bin/", which redirects to the relevant pages depending on successful user authentication. Vulnerabilities in this interface enable an attacker to access files and data without authentication.

II. DETAILS

The "webcm" script handles user authentication and attempts to load "indextop.htm" (via the JavaScript below). The "indextop.htm" page requires authentication (HTTP Basic Authorization).

--- <script.. [the advisory excerpt is truncated at this point]


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200906-0229",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dg632",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netgear",
        "version": "3.4.0_ap"
      },
      {
        "model": "dg632",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "net gear",
        "version": "3.4.0_ap"
      },
      {
        "model": "dg632 3.4.0 ap",
        "scope": null,
        "trust": 0.3,
        "vendor": "netgear",
        "version": null
      },
      {
        "model": "dg632",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netgear",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "35376"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004772"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2257"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:netgear:dg632",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004772"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tom Neaves",
    "sources": [
      {
        "db": "BID",
        "id": "35376"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-454"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2009-2257",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2009-2257",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-39703",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-2257",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-2257",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200906-454",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-39703",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39703"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004772"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2257"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. NetGear DG632 router is prone to multiple remote vulnerabilities. Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: tom@tomneaves.co.uk \u0026lt; tom@tomneaves.co.uk \u0026gt; Original URL: http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The Netgear DG632 router has a web interface which runs on port 80. This allows an admin to login and administer the device\u0027s settings. Authentication of this web interface is handled by a script called \u0026quot;webcm\u0026quot; residing in \u0026quot;/cgi-bin/\u0026quot; which redirects to the relevant pages depending on successful user authentication. Vulnerabilities in this interface enable an attacker to access files and data without authentication. II. DETAILS The \u0026quot;webcm\u0026quot; script handles user authentication and attempts to load \u0026quot;indextop.htm\u0026quot; (via javascript below). The \u0026quot;indextop.htm\u0026quot; page requires authentication (HTTP Basic Authorization). --- \u0026lt;script..",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-2257"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004772"
      },
      {
        "db": "BID",
        "id": "35376"
      },
      {
        "db": "VULHUB",
        "id": "VHN-39703"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-39703",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39703"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-2257",
        "trust": 2.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "8963",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1022404",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004772",
        "trust": 0.8
      },
      {
        "db": "MILW0RM",
        "id": "8963",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20090615 NETGEAR DG632 ROUTER AUTHENTICATION BYPASS VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-454",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "35376",
        "trust": 0.3
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-11625",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-39703",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39703"
      },
      {
        "db": "BID",
        "id": "35376"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004772"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2257"
      }
    ]
  },
  "id": "VAR-200906-0229",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39703"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T22:56:34.102000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.netgear.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004772"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39703"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004772"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2257"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.tomneaves.co.uk/netgear_dg632_authentication_bypass.txt"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1022404"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.exploit-db.com/exploits/8963"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2257"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2257"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/504312/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.milw0rm.com/exploits/8963"
      },
      {
        "trust": 0.3,
        "url": "http://www.netgear.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.tomneaves.co.uk/netgear_dg632_remote_dos.txt"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/504312"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/504313"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/504341"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/504345"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39703"
      },
      {
        "db": "BID",
        "id": "35376"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004772"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2257"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-39703"
      },
      {
        "db": "BID",
        "id": "35376"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004772"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2257"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-06-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-39703"
      },
      {
        "date": "2009-06-15T00:00:00",
        "db": "BID",
        "id": "35376"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004772"
      },
      {
        "date": "2009-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200906-454"
      },
      {
        "date": "2009-06-30T10:30:21.780000",
        "db": "NVD",
        "id": "CVE-2009-2257"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-39703"
      },
      {
        "date": "2009-07-09T20:36:00",
        "db": "BID",
        "id": "35376"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004772"
      },
      {
        "date": "2009-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200906-454"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2009-2257"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-454"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerabilities that bypass authentication in the web management interface running on the Netgear DG632",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004772"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-454"
      }
    ],
    "trust": 0.6
  }
}

