.. / CVE-2016-5649

Exploit for NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure (CVE-2016-5649)

Description:

NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page ‘BSW_cxttongr.htm’ which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router’s web interface.

Nuclei Template

View the template here CVE-2016-5649.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2016/CVE-2016-5649.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html
http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html
https://github.com/ARPSyndicate/kenzer-templates
https://nvd.nist.gov/vuln/detail/CVE-2016-5649

.. / CVE-2016-5649 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure (CVE-2016-5649)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2016-5649