Test ID:	1.3.6.1.4.1.25623.1.0.103880
Category:	Web application abuses
Title:	NETGEAR WNR1000v3 Password Disclosure Vulnerability
Summary:	Newer firmware versions of the Netgear N150 WNR1000v3; wireless router are affected by a password recovery vulnerability. Exploiting this vulnerability; allows an attacker to recover the router's (plaintext) Administrator credentials and subsequently gain; full access to the device. This vulnerability can be exploited remotely if the remote administration access; feature is enabled (as well as locally via wired or wireless access).
Description:	Summary: Newer firmware versions of the Netgear N150 WNR1000v3 wireless router are affected by a password recovery vulnerability. Exploiting this vulnerability allows an attacker to recover the router's (plaintext) Administrator credentials and subsequently gain full access to the device. This vulnerability can be exploited remotely if the remote administration access feature is enabled (as well as locally via wired or wireless access). Vulnerability Insight: Netgear WNR1000v3 routers suffer from a flaw in the password recovery flow that allows for disclosure of the plaintext router credentials. Vulnerability Impact: An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized administrative access to the affected application. Affected Software/OS: Tested Device Firmware Versions: V1.0.2.60_60.0.86 and V1.0.2.54_60.0.82NA Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 9.4 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.