Certain NETGEAR devices allow remote malicious users to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
netgear ac1450_firmware - |
||
netgear d8500_firmware - |
||
netgear dc112a_firmware - |
||
netgear jndr3000_firmware - |
||
netgear lg2200d_firmware - |
||
netgear r4500_firmware - |
||
netgear r6200_firmware - |
||
netgear r6200v2_firmware - |
||
netgear r6250_firmware - |
||
netgear r6300_firmware - |
||
netgear r6300v2_firmware - |
||
netgear r6400_firmware - |
||
netgear r6700_firmware - |
||
netgear r6900p_firmware - |
||
netgear r6900_firmware - |
||
netgear r7000p_firmware - |
||
netgear r7000_firmware - |
||
netgear r7100lg_firmware - |
||
netgear r7300_firmware - |
||
netgear r7900_firmware - |
||
netgear r8000_firmware - |
||
netgear r8300_firmware - |
||
netgear r8500_firmware - |
||
netgear wgr614v10_firmware - |
||
netgear wn2500rpv2_firmware - |
||
netgear wndr3400v2_firmware - |
||
netgear wndr3700v3_firmware - |
||
netgear wndr4000_firmware - |
||
netgear wndr4500_firmware - |
||
netgear wndr4500v2_firmware - |
||
netgear wnr1000_firmware - |
||
netgear wnr1000v3_firmware - |
||
netgear wnr3500l_firmware - |
Vulmon