Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-09T12:06:57

Updated: 2024-08-05T01:40:15.201Z

Reserved: 2019-10-09T00:00:00

Link: CVE-2019-17372

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2019-10-09T13:15:16.863

Modified: 2019-10-18T14:56:10.027

Link: CVE-2019-17372

cve-icon Redhat

No data.