Vulnerability Details CVE-2014-2969
NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.1%
CVSS Severity
CVSS v2 Score 8.3
Products affected by CVE-2014-2969
-
cpe:2.3:h:netgear:gs108pe:-
-
cpe:2.3:o:netgear:gs108pe_firmware:1.2.0.5