CVE-2017-10854 : Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authent

Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors.

Published 2018-03-09 16:29:00

Updated 2018-03-27 13:31:41

Source JPCERT/CC

View at NVD, CVE.org

Products affected by CVE-2017-10854

Corega » Cg-wgr 1200 Firmware
Versions up to, including, (<=) 2.20
cpe:2.3:o:corega:cg-wgr_1200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Corega » Cg-wgr 1200 » Version: N/A

EPSS FAQ

0.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 35 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:A/AC:L/Au:N/C:P/I:P/A:P	6.5	6.4	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Assigned by: nvd@nist.gov (Primary)

Jump to