CVE-2017-5521

Warning

Exploit

EPSS 93.87%
Published 17.01.2017 09:59:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions.

Affected products Warnungen 1 Metrics 4 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ R6200 Firmware Version1.0.1.56_1.0.43

Netgear ≫ R6200 Version-

Netgear ≫ R6300 Firmware Version1.0.2.78_1.0.58

Netgear ≫ R6300 Version-

Netgear ≫ Vegn2610 Firmware Version1.0.0.36

Netgear ≫ Vegn2610 Version-

Netgear ≫ Ac1450 Firmware Version1.0.0.34_10.0.16

Netgear ≫ Ac1450 Version-

Netgear ≫ Wnr1000v3 Firmware Version1.0.2.68_60.0.93

Netgear ≫ Wnr1000v3 Version-

Netgear ≫ Wndr3700v3 Firmware Version1.0.0.40_1.0.32

Netgear ≫ Wndr3700v3 Version-

Netgear ≫ Wndr4000 Firmware Version1.0.2.4_9.1.86

Netgear ≫ Wndr4000 Version-

Netgear ≫ Wndr4500 Firmware Version1.0.1.44_1.0.73

Netgear ≫ Wndr4500 Version-

Netgear ≫ D6400 Firmware Version1.0.0.44

Netgear ≫ D6400 Version-

Netgear ≫ D6220 Firmware Version1.0.0.12

Netgear ≫ D6220 Version-

Netgear ≫ D6300 Firmware Version1.0.0.96

Netgear ≫ D6300 Version-

Netgear ≫ D6300b Firmware Version1.0.0.40

Netgear ≫ D6300b Version-

Netgear ≫ Dgn2200bv4 Firmware Version1.0.0.68

Netgear ≫ Dgn2200bv4 Version-

08.09.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability

Vulnerability

Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server.

Description

Apply updates per vendor instructions. If the affected device has since entered end-of-life, it should be disconnected if still in use.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	93.87%	0.999

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability

Vendor Advisory

http://www.securityfocus.com/bid/95457

Third Party Advisory

Broken Link

VDB Entry

https://www.exploit-db.com/exploits/41205/

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-5521

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5521

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5521

EUVD