Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely compromise the device from a malicious webpage. The attacker sends an FW_remote.htm&todo=cfg_init request without a cookie, reads the Set-Cookie header in the 401 Unauthorized response, and then repeats the FW_remote.htm&todo=cfg_init request with the specified cookie.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
NETGEAR WNR1000V4 跨站脚本漏洞
Vulnerability Description
NETGEAR WNR1000V4是美国网件(NETGEAR)公司的一款无线路由器。 NETGEAR WNR1000V4 1.1.0.54版本中的Web管理接口(setup.cgi)存在安全漏洞。攻击者可通过发送不带有cookie的FW_remote.htm&todo=cfg_init请求,读取401 Unauthorized响应中的Set-Cookie头并发送带有指定cookie的FW_remote.htm&todo=cfg_init请求利用该漏洞入侵设备。
CVSS Information
N/A
Vulnerability Type
N/A