.. / CVE-2017-5521

Exploit for NETGEAR Routers - Authentication Bypass (CVE-2017-5521)

Description:

NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management server.

Nuclei Template

View the template here CVE-2017-5521.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2017/CVE-2017-5521.yaml

References:

http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability
https://www.exploit-db.com/exploits/41205/
https://nvd.nist.gov/vuln/detail/CVE-2017-5521
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/

.. / CVE-2017-5521 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for NETGEAR Routers - Authentication Bypass (CVE-2017-5521)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2017-5521