Vulnerability Details CVE-2016-5638
There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2016-5638
-
cpe:2.3:h:netgear:wndr4500:-
-
cpe:2.3:o:netgear:wndr4500_firmware:1.0.1.40_1.0.6877