CVE ID | |
CVSS SCORE | 4.4, AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
AFFECTED VENDORS |
NETGEAR |
AFFECTED PRODUCTS |
AC1200 |
VULNERABILITY DETAILS |
This vulnerability allows network-adjacent attackers to disclose sensitive information on vulnerable installations of NETGEAR AC1200 Smart WiFi Router. Authentication is required to exploit this vulnerability. The specific flaw exists within the storage of administrator credentials. The credentials are stored in a recoverable format, making them subject to password reuse attacks. An attacker can leverage this vulnerability to disclose sensitive information in the context of the administrator. |
ADDITIONAL DETAILS |
This vulnerability is being disclosed publicly without a patch in accordance with ZDI policies. 06/27/19 – ZDI reported the vulnerability to the vendor -- Mitigation: |
DISCLOSURE TIMELINE |
|
CREDIT | Michael Flanders of Trend Micro Zero Day Initiative |
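
The storage flaw described under VULNERABILITY DETAILS, shown as an added example that is not NETGEAR or ZDI code: a credential kept in a recoverable format beside a one-way, salted form that still supports login checks. The advisory does not state the format used on the device, so base64 stands in for any reversible encoding; all function names, the record layout and the PBKDF2 iteration count are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample value; not taken from any device.
SAMPLE_PASSWORD = "constructed-Admin-pw-1"
ITERATIONS = 600_000  # assumed work factor; tune to the device's CPU


def store_recoverable(password: str) -> str:
    """Weak pattern: reversible encoding (stand-in for any recoverable format)."""
    return base64.b64encode(password.encode()).decode()


def recover(stored: str) -> str:
    """Whoever can read the stored value gets the plaintext back, which is
    what exposes the administrator to password reuse on other systems."""
    return base64.b64decode(stored).decode()


def store_one_way(password: str) -> str:
    """Hardened pattern: per-record random salt plus a slow one-way KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_one_way(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, digest_hex = stored.split("$")
        rounds = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    weak = store_recoverable(SAMPLE_PASSWORD)
    print("recoverable record:", weak, "->", recover(weak))
    strong = store_one_way(SAMPLE_PASSWORD)
    print("one-way record:    ", strong)
    print("login check:       ", verify_one_way(SAMPLE_PASSWORD, strong))
```

With the one-way record, disclosure of the stored value yields only a salted digest that must be attacked guess by guess, instead of the administrator's plaintext password.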