Bypassing Authentication on NETGEAR Routers

“Hmm, what is that unauth.cgi thingy? and what does that id number mean?”, I thought to myself.

Luckily for me the Internet connection had come back on its own, but I was now a man on a mission, so I started to look around to see if there were any known vulnerabilities for my VEGN2610. It turned out that there are none. :< I started looking up what that "unauth.cgi" page could be, and I found 2 publicly disclosed exploits from 2014, for different models that manage to do unauthenticated password disclosure. Booyah! Exactly what I need. (link 1 & link 2) Those two guys found out that the number we get from unauth.cgi can be used with passwordrecovered.cgi to retrieve the credentials. I tested the method described in both, and voila - I have my password, now I can go to sleep happy and satisfied. I woke up the next morning excited by the discovery, I thought to myself: "3 routers with same issue… Coincidence? I think not". Luckily, I had another, older NETGEAR router laying around; I tested it and bam! Exploited.

Source: CVE-2017-5521: Bypassing Authentication on NETGEAR Routers

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Leave a Reply