Closed ntadmin closed 7 years ago
The only .cgi files on the router are all in /www.eng, as follows:
genie_restore_config.cgi netgear-setup.cgi page-server.cgi securityquestions.cgi setupwizard.cgi upgrade_stringTbl.cgi
htpwd_recovery.cgi nocache.cgi restore_config.cgi setup.cgi upgrade_flash.cgi
This exploit relies on the presence of unauth.cgi
or passwordrecover.cgi
neither of which is present, so this is not an issue for this router.
A vulnerability on netgear routers has been reported: http://www.silicon.co.uk/security/netgear-router-security-204061?utm_source=2017-02-01&utm_medium=email&utm_campaign=uk_silicon&referrer=nl_uk_silicon&t=6bce9a97f2c74e5b804011819ae023d11666671&pos=content-top_0_textContent
Need to verify that it is either not present, or resolve.