Hi Nick, > The Netgear website [1] shows that a new version of the firmware was > released 2 days after your FD post - version 1.4.0.6. > The release notes [2] for the new version don't refer to these > security issues in any way (instead they mention three fairly > minor-sounding bugs fixed). >> Firmware version: 1.3.0.3,1.4.0.2 >> Status: unfixed Status remains the same. The vulnerabilities are also valid for the new version 1.4.0.6. I checked it and could still reproduce the password-reset, the XSS, the CSRF, and the found also the cookie mentioned in the report after login. So, nothing has changed with respect to the vulnerabilities. Regards, Benedikt
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/