← back
CVE-2009-2257

CVE-2009-2257

EPSS 7.2%
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/8963unverifiedexploitdbwww.exploit-db.com/exploits/8963unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://securitytracker.com/id?1022404http://www.exploit-db.com/exploits/8963http://www.securityfocus.com/archive/1/504312/100/0/threadedhttp://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt