CVE-2009-2257

Netgear DG632 3.4.0_ap - Auth Bypass

Title source: llm

Description

The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Tom Neaves · textremotehardware

https://www.exploit-db.com/exploits/8963

View Code ZIP pw:eip

References (4)

[Exploit] http://securitytracker.com/id?1022404

[Exploit] http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/504312/100/0/threaded

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/8963

Scores

EPSS 0.0410

EPSS Percentile 88.4%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

netgear/dg632

Timeline

Published Jun 30, 2009

Tracked Since Feb 18, 2026