Netgear WNDR3700 Bypass

Date Disclosed:
10/31/2013

Date Patched:
No patch available.

Vendor:
Netgear
Affected Software:

WNDR4700 router

WNDR3700v4 router

Possibly other routers

1.0.1.42 firmware and prior

Description:

Affected devices are vulnerable to a security bypass flaw that permits attackers to access any part of the management interface of the device. If remote administration is enabled, this can be exploited from the Internet.
Severity:
High
Code Execution:
No
Impact:

Security Bypass

This vulnerability allows an attacker to bypass certain security restrictions on the system, allowing the attacker to gain unauthorized access to the system.

Mitigation:
To help mitigate WAN-based attacks, disable the administration interface for non-local network addresses.
Protection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

• 31286 - Netgear WNDR3700 Bypass (20131031) (Zero-Day)
• 31234 - Multiple Router Vendor ping6 Command Injection (Zero-Day) - Remote

Links:

• Original Advisory
• Secondary Advisory

Status:
2013-10-31: Original Disclosure