N/A

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue results from a lack of authentication required for a privileged request. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13325.

N/A

关键功能的认证机制缺失

Netgear NETGEAR 访问控制错误漏洞

Netgear NETGEAR是美国网件（Netgear）公司的一款路由器。连接两个或多个网络的硬件设备，在网络间起网关的作用。 NETGEAR XR1000存在访问控制错误漏洞，该漏洞源于缺少特权请求所需的身份验证。攻击者可以利用此漏洞泄露存储的凭据，从而导致进一步的入侵。

N/A

N/A