Intrusion Prevention

NETGEAR.ProSafe.Startup-Config.Information.Disclosure

Description

This indicates an attack attempt against an Information Disclosure vulnerability in multiple NETGEAR RroSafe products.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling HTTP requests. A remote attacker can exploit this to gain unauthorized access to sensitive information via a HTTP request.

Affected Products

NETGEAR ProSafe GS724Tv3 5.4.1.13 and prior
NETGEAR ProSafe GS716Tv2 5.4.1.13 and prior
NETGEAR ProSafe GS748Tv4 5.4.1.14 and prior
NETGEAR ProSafe GS510TP 5.4.0.6 and prior
NETGEAR ProSafe GS752TPS 5.3.0.17 and prior
NETGEAR ProSafe GS728TPS 5.3.0.17 and prior
NETGEAR ProSafe GS728TS 5.3.0.17 and prior
NETGEAR ProSafe GS725TS 5.3.0.17 and prior
NETGEAR ProSafe GS752TXS 6.1.0.12 and prior
NETGEAR ProSafe GS728TXS 6.1.0.12 and prior

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

CVE References

CVE-2013-4775