Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-5649

CWE-319 — Cleartext Transmission CWE-200 — Information Exposure5 documents5 sources

Severity

9.8CRITICAL

EPSS

74.3%

top 1.16%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netgear Dgn2200 Netgear Dgnd3700 Netgear Dgn2200 Firmware +1 more

Timeline

PublishedJul 24

Latest updateMay 13

Description

A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5netgear/dgn2200DGN2200-V1.0.0.50_7.0.50

▶CVEListV5netgear/dgnd3700DGND3700-V1.0.0.17_1.0.17

▶NVDnetgear/dgn2200_firmware1.0.0.50_7.0.50

▶NVDnetgear/dgnd3700_firmware1.0.0.17_1.0.17

🔴Vulnerability Details

GHSA

GHSA-xgqp-24fp-7v85: A vulnerability is in the 'BSW_cxttongr↗2022-05-13

▶

CVEList

Netgear DGN2200 and DGND3700 disclose the administrator password↗2018-07-24

▶

💥Exploits & PoCs

Exploit-DB

Netgear DGN2200 / DGND3700 - Admin Password Disclosure↗2019-04-30

▶

Nuclei

NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure

▶