Strix
26.1K

CVE-2009-2257

UnknownEPSS 7.18%

Last modified

CVE-2009-2257 is a vulnerability of currently unknown severity. The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.. EPSS estimates a 7.18% chance of exploitation in the next 30 days.

Description

The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.

Metrics

EPSS Probability
7.18%

93.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
NetgearDg6323.4.0_ap

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2009-2257?
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.
How severe is CVE-2009-2257?
Severity scoring for CVE-2009-2257 is pending analysis. The EPSS model estimates a 7.18% probability of exploitation in the next 30 days.
How do I fix CVE-2009-2257?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-2257?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST