Full Disclosure mailing list archives
Re: Netgear GS105Ev2 - Multiple Vulnerabilities
From: Benedikt Westermann <benedikt.westermann () i-sec tuv com>
Date: Tue, 8 Mar 2016 09:09:37 +0000
Hi Nick,
The Netgear website [1] shows that a new version of the firmware was released 2 days after your FD post - version 1.4.0.6. The release notes [2] for the new version don't refer to these security issues in any way (instead they mention three fairly minor-sounding bugs fixed).
Firmware version: 1.3.0.3,1.4.0.2 Status: unfixed
Status remains the same. The vulnerabilities are also valid for the new version 1.4.0.6. I checked it and could still reproduce the password-reset, the XSS, the CSRF, and also found the cookie mentioned in the report after login. So, nothing has changed with respect to the vulnerabilities.

Regards,
Benedikt
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/