CVE-2014-2969

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.

Published: Jul 7, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-2969
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 8.3
AV:A/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
netgear / gs108pe_firmware	1.2.0.5	1.2.0.5.x

http://www.kb.cert.org/vuls/id/143740

Vulnerability Database

290,206

CVE-2014-2969