This vulnerability allows network-adjacent malicious users to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netgear cax80 firmware |
||
netgear lax20 firmware |
||
netgear mr60 firmware |
||
netgear mr80 firmware |
||
netgear ms60 firmware |
||
netgear ms80 firmware |
||
netgear r6400 firmware |
||
netgear r6700 firmware |
||
netgear r6900p firmware |
||
netgear r7000 firmware |
||
netgear r7000p firmware |
||
netgear r7850 firmware |
||
netgear r7900p firmware |
||
netgear r7960p firmware |
||
netgear r8000 firmware |
||
netgear r8000p firmware |
||
netgear r8500 firmware |
||
netgear rax15 firmware |
||
netgear rax20 firmware |
||
netgear rax200 firmware |
||
netgear rax35 firmware |
||
netgear rax38 firmware |
||
netgear rax40 firmware |
||
netgear rax42 firmware |
||
netgear rax43 firmware |
||
netgear rax45 firmware |
||
netgear rax48 firmware |
||
netgear rax50 firmware |
||
netgear rax50s firmware |
||
netgear rax75 firmware |
||
netgear rax80 firmware |
||
netgear rs400 firmware |
||
netgear r7100lg firmware |