Lucene search
PRIOn knowledge basePRION:CVE-2021-35973HistoryJun 30, 2021 - 3:15 p.m.
Authentication flaw
2021-06-3015:15:00
PRIOn knowledge base
www.prio-n.com
7
NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory).
| CPE | Name | Operator | Version |
|---|---|---|---|
| wac104_firmware | lt | 1.0.4.15 |
Related
nvd
nvd
CVE-2021-35973
2021-06-30 15:15:10
CVE-2020-27866
2021-02-12 00:15:12
cvelist
cvelist
CVE-2021-35973
2021-06-30 14:41:04
CVE-2020-27866
2021-02-11 23:35:39
cve
cve
CVE-2021-35973
2021-06-30 15:15:10
CVE-2020-27866
2021-02-12 00:15:12
nuclei
nuclei
NETGEAR - Authentication Bypass
2021-07-18 00:27:34
SonarQube - Authentication Bypass
2021-01-30 09:51:50
prion
prion
Authentication flaw
2021-02-12 00:15:00
zdi
zdi
NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability
2020-12-18 00:00:00
seebug
seebug
NETGEAR WAC104身份验证绕过漏洞(CVE-2021-35973)
2021-07-12 00:00:00
cnvd
cnvd
NETGEAR WAC104 Authentication Bypass Vulnerability
2021-07-01 00:00:00