Signature Detail
Short Name |
HTTP:NETGEAR:NETGEAR-PRO-SAFE |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Netgear ProSafe Remote Information Disclosure |
Release Date |
2013/09/03 |
Update Number |
2296 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Netgear ProSafe Remote Information Disclosure
This signature detects attempts to exploit a known vulnerability against Netgear ProSafe. A successful attack may lead to unauthorized information disclosure.
Extended Description
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.
Affected Products
- netgear prosafe_firmware 5.0.4.4
- netgear prosafe_firmware 5.3.0.17
- netgear prosafe_firmware 5.4.0.6
- netgear prosafe_firmware 5.4.1.10
- netgear prosafe_firmware 6.1.0.12
- netgear prosafe_firmware up to 5.4.1.13
- netgear prosafe_firmware up to 5.4.1.14
- netgear prosafe_gs510tp -
- netgear prosafe_gs724t v3
- netgear prosafe_gs725ts -
- netgear prosafe_gs728tps -
- netgear prosafe_gs728ts -
- netgear prosafe_gs728txs -
- netgear prosafe_gs748t v4
- netgear prosafe_gs752tps -
- netgear prosafe_gs752txs -
- netgear prosafe_s716t v2
References
- BugTraq: 61924
- BugTraq: 63646
- BugTraq: 61918
- CVE: CVE-2013-4776
- CVE: CVE-2013-4775