CVE-2013-4775 : NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.

Published 2013-12-19 04:24:48

Updated 2013-12-19 19:19:08

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2013-4775

Probability of exploitation activity in the next 30 days: 67.95%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-4775

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:C/I:N/A:N	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None

CWE ids for CVE-2013-4775

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-4775

http://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2013.pdf

Exploit

CVEs referencing this url

Products affected by CVE-2013-4775

Netgear » Prosafe Firmware
Versions up to, including, (<=) 5.4.1.13
cpe:2.3:o:netgear:prosafe_firmware:*:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Firmware
Versions up to, including, (<=) 5.4.1.14
cpe:2.3:o:netgear:prosafe_firmware:*:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Firmware » Version: 5.3.0.17
cpe:2.3:o:netgear:prosafe_firmware:5.3.0.17:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Firmware » Version: 5.4.1.10
cpe:2.3:o:netgear:prosafe_firmware:5.4.1.10:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Firmware » Version: 5.4.0.6
cpe:2.3:o:netgear:prosafe_firmware:5.4.0.6:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Firmware » Version: 5.0.4.4
cpe:2.3:o:netgear:prosafe_firmware:5.0.4.4:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Firmware » Version: 6.1.0.12
cpe:2.3:o:netgear:prosafe_firmware:6.1.0.12:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Firmware » Version: 5.4.1.13
cpe:2.3:o:netgear:prosafe_firmware:5.4.1.13:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Gs728tps » Version: N/A
cpe:2.3:h:netgear:prosafe_gs728tps:-:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Gs725ts » Version: N/A
cpe:2.3:h:netgear:prosafe_gs725ts:-:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Gs752tps » Version: N/A
cpe:2.3:h:netgear:prosafe_gs752tps:-:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Gs728ts » Version: N/A
cpe:2.3:h:netgear:prosafe_gs728ts:-:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Gs724t » Version: V3
cpe:2.3:h:netgear:prosafe_gs724t:v3:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe S716t » Version: V2
cpe:2.3:h:netgear:prosafe_s716t:v2:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Gs728txs » Version: N/A
cpe:2.3:h:netgear:prosafe_gs728txs:-:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Gs752txs » Version: N/A
cpe:2.3:h:netgear:prosafe_gs752txs:-:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Gs748t » Version: V4
cpe:2.3:h:netgear:prosafe_gs748t:v4:*:*:*:*:*:*:*
Matching versions
Netgear » Prosafe Gs510tp » Version: N/A
cpe:2.3:h:netgear:prosafe_gs510tp:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-4775

Exploit prediction scoring system (EPSS) score for CVE-2013-4775

CVSS scores for CVE-2013-4775

CWE ids for CVE-2013-4775

References for CVE-2013-4775

Products affected by CVE-2013-4775