Vulnerability Details : CVE-2014-2969
NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2014-2969
Probability of exploitation activity in the next 30 days: 0.48%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-2969
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
8.3
|
HIGH | AV:A/AC:L/Au:N/C:C/I:C/A:C |
6.5
|
10.0
|
NIST |
CWE ids for CVE-2014-2969
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2969
-
http://www.kb.cert.org/vuls/id/143740
VU#143740 - Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentialsUS Government Resource
Products affected by CVE-2014-2969
- cpe:2.3:o:netgear:gs108pe_firmware:1.2.0.5:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:gs108pe:-:*:*:*:*:*:*:*