Full Disclosure mailing list archives

Re: Netgear GS105Ev2 - Multiple Vulnerabilities


From: Benedikt Westermann <benedikt.westermann () i-sec tuv com>
Date: Tue, 8 Mar 2016 09:09:37 +0000

Hi Nick,

The Netgear website [1] shows that a new version of the firmware was 
released 2 days after your FD post - version 1.4.0.6.
The release notes [2] for the new version don't refer to these 
security issues in any way (instead they mention three fairly 
minor-sounding bugs fixed).

Firmware version: 1.3.0.3,1.4.0.2
Status: unfixed

Status remains the same. The vulnerabilities are also valid for the new version 1.4.0.6. I checked it and could still 
reproduce the password-reset, the XSS, the CSRF, and also found the cookie mentioned in the report after login. So, 
nothing has changed with respect to the vulnerabilities.

Regards,
Benedikt



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
