← Advisories

Netgear Wireless Router WNR500 Parameter Traversal Arbitrary File Access Exploit

Medium

Advisory ID

ZSL-2014-5208

Release Date

21 November 2014

Vendor

NETGEAR - http://www.netgear.com

Affected Version

WNR500 (firmware: 1.0.7.2)

CVE

N/A

Tested On

mini_httpd/1.19 19dec2003

Summary

The NETGEAR compact N150 classic wireless router (WNR500) improves your legacy Wireless-G network. It is a simple, secure way to share your Internet connection and allows you to easily surf the Internet, use email, and have online chats. The quick, CD-less setup can be done through a web browser. The small, efficient design fits perfectly into your home.

Description

The router suffers from an authenticated file inclusion vulnerability (LFI) when input passed thru the 'getpage' parameter to 'webproc' script is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks.

Proof of Concept

netgearwnr500_lfi.txtTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]http://cxsecurity.com/issue/WLB-2014110148

[2]http://packetstormsecurity.com/files/129223

[3]http://www.exploit-db.com/exploits/35325/

[4]http://www.securityfocus.com/bid/70050

[5]http://osvdb.org/show/osvdb/114967

Changelog

21.11.2014Initial release

22.11.2014Added reference [1], [2] and [3]

24.11.2014Added reference [4]

25.11.2014Added reference [5]