CVE-2014-2969
NETGEAR GS108PE Prosafe Plus Firmware 1.2.0.5 - Hardcoded Password for ntgruser Account
Title source: llmDescription
NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.
References (1)
Core 1
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/143740
Scores
EPSS
0.0028
EPSS Percentile
51.6%
Details
CWE
CWE-255
Status
published
Products (2)
netgear/gs108pe
netgear/gs108pe_firmware
1.2.0.5
Published
Jul 07, 2014
Tracked Since
Feb 18, 2026