CVE Vulnerabilities

CVE-2014-2969

Published: Jul 07, 2014 | Modified: Jul 07, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
8.3 HIGH
AV:A/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.

Affected Software

Name Vendor Start Version End Version
Gs108pe_firmware Netgear 1.2.0.5 1.2.0.5

References