CVE-2016-5638

CVE-2016-5638: Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877 reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text

Vendor Netgear
Product WNDR4500
Weakness CWE-319 · Cleartext transmission
Published July 24, 2018
Last update August 6, 2024

CVSS base score

What the vulnerability does

01Description

There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text.

Key dates

02Disclosure timeline

July 24, 2018 CVE published
August 6, 2024 Record updated