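Vulnerability Title
NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability
Vulnerability Description
NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected NETGEAR routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the update functionality, which runs over HTTPS. The issue is the failure to properly validate the certificate presented by the server. An attacker can combine this with other vulnerabilities to execute arbitrary code in the context of root. This vulnerability is identified as ZDI-CAN-19981.
CVSS Information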
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
Improper Certificate Validation
Vulnerability Title
NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability
Vulnerability Description
NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the update functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19981.
CVSS Information
N/A
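Vulnerability Category
Improper Certificate Validation
Vulnerability Title
NETGEAR Routers Security Vulnerability
Vulnerability Description
NETGEAR Routers is a series of routers from NETGEAR, a US company. NETGEAR Routers contain a security vulnerability that stems from a remote code execution vulnerability in curl_post.
CVSS Information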
N/A
Vulnerability Category
Other