CVE ID | |
CVSS SCORE | 5.7, AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
AFFECTED VENDORS | NETGEAR |
AFFECTED PRODUCTS | AC1200 |
VULNERABILITY DETAILS | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR AC1200 Smart WiFi Router. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of admin credentials provided to the mini_httpd endpoint. The issue results from displaying sensitive information in plaintext. An attacker can leverage this vulnerability to disclose sensitive information in the context of the administrator. |
ADDITIONAL DETAILS | This vulnerability is being disclosed publicly without a patch in accordance with ZDI policies. 06/27/19 – ZDI reported the vulnerability to the vendor -- Mitigation: |
DISCLOSURE TIMELINE | |
CREDIT | Michael Flanders of Trend Micro Zero Day Initiative |