漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
NETGEAR 授权问题漏洞
Vulnerability Description
Netgear NETGEAR是美国网件(Netgear)公司的一款路由器。连接两个或多个网络的硬件设备,在网络间起网关的作用。 多款 NETGEAR 路由器设备存在授权问题漏洞,该漏洞源于产品中的 mini_httpd 服务未对保护页面添加有效的访问保护措施。攻击者可利用特殊字符绕过身份验证访问保护页面并可以root权限在上下文中执行恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A